1
Q
What is the function of a lookup?
A
Allows you to add values to your events not included in the indexed data
2
Q
Are lookup fields case sensitive?
A
Yes
3
Q
How do you start a new lookup i.e. which menus
A
Settings, Lookups, Add New
4
Q
What is the purpose of ‘Automatic Lookup’
A
It means you don’t have to ‘define’ a lookup in your search, you can use predefined search
5
Q
Give an example of a manual lookup
A
Sourcetype=access_combined NOT status=200 | lookup http_status as status, OUTPUT code as “HTTP Code”, description as “HTTP Descritpion”
6
Q
Given an example of an automatic lookup for the same as the last quesetion
A
Sourcetype=access_combined NOT status=200 | table host, “Code’, “Description”
Splunk Fundamentals
flashcards
Decks in class (7)
# Cards
