Lookup against CSV that's stored within SumoLogic itself?

Follow

Kenneth Ord

• August 22, 2019 15:34

My search results for log data return IP addresses of hosts which I need to be resolved to hostnames. I have a CSV hosted on a web server and I can get SumoLogic to look up each IP in the CSV from the external web server and return the hostname for inclusion in the results. I'd like to stop using the web server and instead have the data held directly in SumoLogic. Is this possible? None of the IP address and hostname data is held anywhere in my logs and I don't want to create a collector simply to look up the contents of a file to get the data into SumoLogic. Is there any way I can upload data like a CSV and use it?

 

Thanks

0

• Official comment

  

  Ryan Johnson

  • August 23, 2019 01:30
  • Edited

  Hi Kenneth!

  Historically I would recommend one of the following:

  1. Externally HTTPS hosted CSV (what you've been doing)
  2. Dedicated collector to monitor and upload the file (what you'd rather not do), or;
  3. Combining the data from either step 1 or 2, and apply a unnecessarily complex search query to save this to a lookup stored in the platform (what no-one should have to do)

  Now the (soon to be) good news is that we'll be announcing a major uplift of our lookup capabilities at our user conference 'Illuminate' next month which will address your requirements (and then some!). So while I don't have a nice solution for you today, I can assure you than help is on the way :-)

  Cheers!

  - RJ

  Comment actions Permalink
• 

  Kenneth Ord

  • August 23, 2019 09:22

  Thanks, Ryan, the new enhancements sound very intriguing :-)

  Ken

  0

  Comment actions Permalink

Please sign in to leave a comment.