Dashboards & Visualizations
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Even though automatic lookup fields work, why does it not appear on the Statistics table and Dashboard?

alexantao
Path Finder
‎03-19-2019 11:50 AM

Hi, I used to work on Splunk but stopped 2 years ago and now I'm rusty.
Could someone help me with this issue ?

I have a firewall log and it has the port/protocol the user access, each one in you field ( dst_port - ex 443, transport - UDP/TCP ) and the service field like 443/tcp.

First made a table (with works) to display the most used port/protocol: 

 |top service

Now, I'd like to show that table but with the name/description of that protocol. Soo I downloaded IANA' s App and installed. Then I created a automatic Lookup that gets the dst_pot and protocol and outputs it's "Service Name" and "Service Description" fields.
When I perform a search (like the above), I can see the new fields on field list.
But when I create de table those new fields are always empty. Tried a lot of other variations of commands but none works:

|chart count by service | table "Service Name", "Service Description", service, count
|top service | table "Service Name", "Service Description", service, count

What am I doing wrong here ?
Thanks.

0 Karma
Reply
Get Updates on the Splunk Community!

Mastering Data Pipelines: Unlocking Value with Splunk

 In today's AI-driven world, organizations must balance the challenges of managing the explosion of data with ...

The Latest Cisco Integrations With Splunk Platform!

Join us for an exciting tech talk where we’ll explore the latest integrations in Cisco + Splunk! We’ve ...

AI Adoption Hub Launch | Curated Resources to Get Started with AI in Splunk

Hey Splunk Practitioners and AI Enthusiasts! It’s no secret (or surprise) that AI is at the forefront of ...
Top