Dashboards & Visualizations
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Even though automatic lookup fields work, why does it not appear on the Statistics table and Dashboard?

alexantao
Path Finder
‎03-19-2019 11:50 AM

Hi, I used to work on Splunk but stopped 2 years ago and now I'm rusty.
Could someone help me with this issue ?

I have a firewall log and it has the port/protocol the user access, each one in you field ( dst_port - ex 443, transport - UDP/TCP ) and the service field like 443/tcp.

First made a table (with works) to display the most used port/protocol: 

 |top service

Now, I'd like to show that table but with the name/description of that protocol. Soo I downloaded IANA' s App and installed. Then I created a automatic Lookup that gets the dst_pot and protocol and outputs it's "Service Name" and "Service Description" fields.
When I perform a search (like the above), I can see the new fields on field list.
But when I create de table those new fields are always empty. Tried a lot of other variations of commands but none works:

|chart count by service | table "Service Name", "Service Description", service, count
|top service | table "Service Name", "Service Description", service, count

What am I doing wrong here ?
Thanks.

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Classroom Chronicles: Training Tales and Testimonials (Episode 2)

Welcome to the "Splunk Classroom Chronicles" series, created to help curious, career-minded learners get ...

Index This | I am a number but I am countless. What am I?

January 2025 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  Happy New Year! We’re ...

What’s New in Splunk Enterprise 9.4: Tools for Digital Resilience

PLATFORM TECH TALKS What’s New in Splunk Enterprise 9.4: Tools for Digital Resilience Thursday, February 27, ...