Splunk Fundamentals 1 > Module 12: Lookups > Flashcards

Module 12: Lookups Flashcards

(8 cards)

Study These Flashcards
1
Q

Lookup

A

Outside non-event data added to an index to provide supporting info/context

(Dataset)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Two steps to setup a lookup

A

Upload lookup file (CSV)

Define lookup type

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Lookup command

A

inputlookup

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Lookups are assigned to which apps?

A

Only the one imported to or with permissions.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Output clause

A

Choose which fields lookup returns

(New fields)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

outputnew clause

A

Prevents overwriting existing fields

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

inputlookup command

A

Load results from static lookup

Works on file and imported definition {values}

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Time-based lookups

A

Can be created if a field contains a timestamp

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
Splunk Fundamentals 1
flashcards
Decks in class (14)
# Cards
Brainscape helps you reach your goals faster, through stronger study habits.
© 2026 Bold Learning Solutions. Terms and Conditions