Hi Everyone,

I have one requirement:

I have one Usage Dashboard where I am showing the dashboard Name with their Count.

Below is the search query for it:

index="_internal" EventLogFiles
| eval DashboardName=if(like(uri, "%EventLogFiles%"), "EventLogFiles", "Unknown Dashboards")
| stats count by DashboardName |append[search index="_internal" InformaticaExtract
| eval DashboardName=if(like(uri, "%InformaticaExtract%"), "InformaticaExtract", "Unknown Dashboards")
| stats count by DashboardName]|sort DashboardName

I am getting result like this :

DashboardName                                                      Count

EventLogFiles                                                               500

InformaticaExtract                                                     345

Now My requirement is like this:

I need to create one lookup file(Dashboard.csv) which consists of Dashboard Name like EventLogFiles   and InformaticaExtract      etc. 

I want my lookup to combine with my search query to show the counts.

I want my DashboardName to come from lookup File and my count should come from my search query.

Can someone Guide me on that.

Thanks in advance.