topic how to iterate a column's values like python in command? in Splunk Search https://community.splunk.com/t5/Splunk-Search/how-to-iterate-a-column-s-values-like-python-in-command/m-p/299548#M160252 <P>"daily.cld" | rex field=_raw "version: (?\d+.)," | rex field=_raw "sigs: (?\d+.)," | convert timeformat="%Y-%m-%d" ctime(_time) AS date | table source, date, version, sigs | where date=strftime(now(), "%Y-%m-%d")</P> <P>is there a command like python to find missing server log file?</P> <P>input a correct full list of name ["name1", "name2", "name3"]<BR /> and compare with the columns values , to find which name in full list not in the values of columns of search table</P> Tue, 29 Sep 2020 14:47:26 GMT cyberportnoc 2020-09-29T14:47:26Z how to iterate a column's values like python in command? https://community.splunk.com/t5/Splunk-Search/how-to-iterate-a-column-s-values-like-python-in-command/m-p/299548#M160252 <P>"daily.cld" | rex field=_raw "version: (?\d+.)," | rex field=_raw "sigs: (?\d+.)," | convert timeformat="%Y-%m-%d" ctime(_time) AS date | table source, date, version, sigs | where date=strftime(now(), "%Y-%m-%d")</P> <P>is there a command like python to find missing server log file?</P> <P>input a correct full list of name ["name1", "name2", "name3"]<BR /> and compare with the columns values , to find which name in full list not in the values of columns of search table</P> Tue, 29 Sep 2020 14:47:26 GMT https://community.splunk.com/t5/Splunk-Search/how-to-iterate-a-column-s-values-like-python-in-command/m-p/299548#M160252 cyberportnoc 2020-09-29T14:47:26Z Re: how to iterate a column's values like python in command? https://community.splunk.com/t5/Splunk-Search/how-to-iterate-a-column-s-values-like-python-in-command/m-p/299549#M160253 <P>Hi cyberportnoc,</P> <P>create a lookup with all your servers (e.g. perimeter.csv) calling column host and possibly using only uppercase (not mandatory)<BR /> run this search:</P> <PRE><CODE>your search | eval host=upper(host) | stats count by host | append [ | inputlookup perimeter.csv | eval host=upper(host), count=0 | fields host count ] | stats sum(count) AS Total by host | where Total = 0 </CODE></PRE> <P>In this way you listed all missing hosts.<BR /> without the last condition (where Total=0) you have the status of all your servers that you can display in a dashboard also in graphic mode.</P> <P>Bye.<BR /> Giuseppe</P> Mon, 10 Jul 2017 09:23:53 GMT https://community.splunk.com/t5/Splunk-Search/how-to-iterate-a-column-s-values-like-python-in-command/m-p/299549#M160253 gcusello 2017-07-10T09:23:53Z