This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Announcements
New SecOps Webinar May 14th! Learn about Gemini's generative AI within Google SecOps
Log in to ask a question

Splunk Query

Posted on 08-30-2024 01:18 PM
vanitharaj1208
Silver 2
Silver 2
Reply posted on --/--/---- --:-- AM

Hi Guys,

i have observed different output 

in action "Execute Splunk query" if query is beginning with | pipe output is accurate 

| inputlookup data.csv | head 5

and if without | pipe result is different 

inputlookup data.csv | head 5

Any idea why?

Solved Solved
0 1 194
Topic Labels
Jump to Solution
0 Likes
1 ACCEPTED SOLUTION

Posted on --/--/---- --:-- AM
mikewilusz
Staff
Reply posted on --/--/---- --:-- AM

It's my understanding any time you want Splunk to execute a command in search, you'll put a "|" before the command. So without the pipe in your 2nd search, I believe it's searching for the string "inputlookup data.csv" rather than actually running the "inputlookup" command. 

-mike

View solution in original post

Jump to Solution
1 REPLY 1

Posted on --/--/---- --:-- AM
mikewilusz
Staff
Reply posted on --/--/---- --:-- AM

It's my understanding any time you want Splunk to execute a command in search, you'll put a "|" before the command. So without the pipe in your 2nd search, I believe it's searching for the string "inputlookup data.csv" rather than actually running the "inputlookup" command. 

-mike

Jump to Solution
Top Solution Authors
View all