Dashboards & Visualizations
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Even though automatic lookup fields work, why does it not appear on the Statistics table and Dashboard?

alexantao
Path Finder
‎03-19-2019 11:50 AM

Hi, I used to work on Splunk but stopped 2 years ago and now I'm rusty.
Could someone help me with this issue ?

I have a firewall log and it has the port/protocol the user access, each one in you field ( dst_port - ex 443, transport - UDP/TCP ) and the service field like 443/tcp.

First made a table (with works) to display the most used port/protocol: 

 |top service

Now, I'd like to show that table but with the name/description of that protocol. Soo I downloaded IANA' s App and installed. Then I created a automatic Lookup that gets the dst_pot and protocol and outputs it's "Service Name" and "Service Description" fields.
When I perform a search (like the above), I can see the new fields on field list.
But when I create de table those new fields are always empty. Tried a lot of other variations of commands but none works:

|chart count by service | table "Service Name", "Service Description", service, count
|top service | table "Service Name", "Service Description", service, count

What am I doing wrong here ?
Thanks.

0 Karma
Reply
Get Updates on the Splunk Community!

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

The Transformative Power of AI and ML in Enhancing Observability   In the realm of IT operations, the ...

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...