Splunk lookup table returns empty result
Question
I have a simple lookup table as follows.
But when I look up the table, it returns empty results:
| makeresults
| eval ip="10.10.10.10"
| lookup my_test ip as ip output info as info
What was wrong?
Answer 1
Score: 2
How is the my_test lookup defined? By default, Splunk lookup tables perform strict text-matching searches. "10.10.10.10" does not match "10.10.10.10/32", so lookup returns nothing.
To match CIDR addresses, the lookup must be defined to use them on specific fields. Go to Settings->Lookups->Lookup definitions and select my_test. Tick the "Advanced options" box and enter "CIDR(ip)" in the "Match type" box. Then click Save.
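The difference between the default text match and a CIDR match, as an added example that is not part of the original answer and is not Splunk's code. It is a simplified Python model; the CSV rows and `info` values are constructed, because the question's table is not shown on the page.

```python
import csv
import io
import ipaddress

# Constructed sample lookup file (assumption: the real my_test rows are unknown).
MY_TEST_CSV = """ip,info
10.10.10.10/32,single host
10.20.0.0/16,lab network
"""

def load_rows(text):
    """Parse the lookup CSV into a list of dicts, one per row."""
    return list(csv.DictReader(io.StringIO(text)))

def lookup_exact(rows, ip):
    """Default behaviour described in the answer: strict text comparison."""
    return [r["info"] for r in rows if r["ip"] == ip]

def lookup_cidr(rows, ip):
    """Model of match type CIDR(ip): the table value is read as a network,
    and the event value matches when it falls inside that network."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return []  # the event field does not hold an IP address
    hits = []
    for r in rows:
        try:
            net = ipaddress.ip_network(r["ip"], strict=False)
        except ValueError:
            continue  # skip table rows that are not valid networks
        if addr in net:
            hits.append(r["info"])
    return hits

if __name__ == "__main__":
    rows = load_rows(MY_TEST_CSV)
    for ip in ("10.10.10.10", "10.20.33.7", "8.8.8.8"):
        print(ip, "exact:", lookup_exact(rows, ip), "cidr:", lookup_cidr(rows, ip))
```

The "Match type" box in the lookup definition corresponds to the `match_type = CIDR(ip)` setting in the lookup's transforms.conf stanza.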