Hi Guys,
i have observed different output
in action "Execute Splunk query" if query is beginning with | pipe output is accurate
| inputlookup data.csv | head 5
and if without | pipe result is different
inputlookup data.csv | head 5
Any idea why?
Solved
Splunk Query
+14- Silver 4
Best answer by mikewilusz
It's my understanding any time you want Splunk to execute a command in search, you'll put a "|" before the command. So without the pipe in your 2nd search, I believe it's searching for the string "inputlookup data.csv" rather than actually running the "inputlookup" command.
-mike
+10It's my understanding any time you want Splunk to execute a command in search, you'll put a "|" before the command. So without the pipe in your 2nd search, I believe it's searching for the string "inputlookup data.csv" rather than actually running the "inputlookup" command.
-mike
Login to the community
Login with SSO
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.