In this video I will talk about the usefulness of lookup tables within Splunk. There will be a demonstration on how to use 3 search commands (lookup, inputlookup and outputlookup) that interact with lookup tables. I will also show off the Splunk App for Lookup File Editing in my environment and highly recommend installing this Splunk app from splunkbase.splunk.com website.

I have used many lookup tables to help me maintain a validated user list, translate IP addresses and more throughout my career.

Splunk documentation links:

About Lookups:
https://docs.splunk.com/Documentation/Splunk/latest/Knowledge/Aboutlookupsandfieldactions

Define a CSV lookup in Splunk Web:
https://docs.splunk.com/Documentation/Splunk/latest/Knowledge/Usefieldlookupstoaddinformationtoyourevents

Lookup example in Splunk Web:
https://docs.splunk.com/Documentation/Splunk/latest/Knowledge/LookupexampleinSplunkWeb

Lookup search command:
https://docs.splunk.com/Documentation/Splunk/latest/SearchReference/lookup

Inputlookup search command:
https://docs.splunk.com/Documentation/Splunk/latest/SearchReference/Inputlookup

Outputlookup search command:
https://docs.splunk.com/Documentation/Splunk/latest/SearchReference/Outputlookup

Splunk App links:

Splunk App for Lookup File Editing:
https://splunkbase.splunk.com/app/1724