9/13/2023 0 Comments Splunk inputlookup![]() | lookup Master.csv cs_username OUTPUT ClientīTW: If I just run a search composed only of the inputlookup clause including the where function I get a list of records associated only with INVA and NG. ![]() index="adviis" sourcetype="adviis" latest=-90d The servertype can be one of three values while ClientType can be one of four values. I suspect that it may be in the "where" clause but I'm not certain. This is the new search and it consistently returns zero results. 1 Solution Solution gokadroid Motivator 10-28-2016 06:24 PM Lets say your Lookup table is 'inputLookup. | table cs_username, Status, Account, "Download MBs", "Upload MBs" | lookup KZNG-INVA.csv cs_username OUTPUT Client | rangemap field=StatA Monitor=0-1 Contact=2-9999 ![]() | stats first(time_delta_days) as Access by cs_username | eval timedelta=now()-_time | eval time_delta_days=floor(timedelta/86400) This is the original search and it works perfectly. In the Permissions dialog box, under Object should appear in to share globally. In the Lookup table list, click Permissions in the Sharing column of the ipv6test lookup you want to share. ![]() This is the name the lookup table file will have on the Splunk server. Maybe I'm looking at it too hard and long. Enter ipv6test.csv as the destination filename. For the most part the conversion has worked well but in one type of instance it does not and I can't figure out why. In an attempt to reduce the number of lookup tables we use we have created a master lookup table that has many columns. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |