AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |
Back to Blog
Splunk inputlookup12/5/2023 ![]() | lookup Master.csv cs_username OUTPUT ClientīTW: If I just run a search composed only of the inputlookup clause including the where function I get a list of records associated only with INVA and NG. To clarify, this is useful for cases where you want to append data to the csv file without making duplicate 'keys'. index="adviis" sourcetype="adviis" latest=-90d In splunk 6.x the above did not work until I change inputlookup x to append inputlookup x. The servertype can be one of three values while ClientType can be one of four values. I suspect that it may be in the "where" clause but I'm not certain. This is the new search and it consistently returns zero results. | table cs_username, Status, Account, "Download MBs", "Upload MBs" | lookup KZNG-INVA.csv cs_username OUTPUT Client | rangemap field=StatA Monitor=0-1 Contact=2-9999 | stats first(time_delta_days) as Access by cs_username ![]() If you dont find the search you need check back soon as searches are. | eval timedelta=now()-_time | eval time_delta_days=floor(timedelta/86400) is a collection of Splunk searches and other Splunk resources. if Source got passed back at all, it would act as a limit on the main search, rather than giving extra information. index="adviis" sourcetype="adviis" latest=-90d sbbadri - The user didnt say so, but the brackets indicate that this is a subsearch, so this solution will not work. This is the original search and it works perfectly. ![]() Maybe I'm looking at it too hard and long. For the most part the conversion has worked well but in one type of instance it does not and I can't figure out why. In an attempt to reduce the number of lookup tables we use we have created a master lookup table that has many columns. ![]()
0 Comments
Read More
Leave a Reply. |