![archersplunk archersplunk](https://community.splunk.com/legacyfs/online/avatars/566014.jpg)
What would be the best way to add 'hostname' field to the 'Status Overview' dash under Uptime Monitoring? I noticed under 'Data Inputs' / 'Ping', a name (hostname) exists as new hosts are added. Would there be a way to join this field over into my data for 'Uptime Monitoring'? Been at this a while and seems like the answer is much more simple than I'm looking at this. Thanks.
Assuming the columns for your lookup table are titled "dest" and "hostname" and your lookup is named "hostnameLookup.csv", you would add the following to your search: "| lookup hostnameLookup.csv dest OUTPUT hostname"
Complete search:
```
sourcetype="ping_input"
| stats sparkline(avg(avg_ping)) as sparkline_ping avg(avg_ping) as ping max(max_ping) as max_ping latest(packet_loss) as packet_loss latest(_time) as last_checked range(avg_ping) as range min(avg_ping) as min by dest
| search
| eval ping=round(ping, 0)." ms"
| eval average=round(avg_ping, 0)." ms"
| eval maximum=round(max_ping, 0)." ms"
| eval range=round(min, 0)." - ".round(min+range, 0)." ms"
| eval packet_loss=if(max_ping="NA",100,packet_loss)
| lookup hostnameLookup.csv dest OUTPUT hostname
| table dest hostname packet_loss last_checked ping max_ping range sparkline_ping
| `timesince(last_checked,last_checked)`
| sort -ping
```
![archersplunk archersplunk](https://community.splunk.com/legacyfs/online/avatars/566014.jpg)
Thank you so much for this answer as it was 99% of the key to my resolution. The other 1% was adding in an 'as' to reference the IP field from the lookup to my data, then OUTPUT that to the newly created field:
| lookup hostnameLookup.csv IP as dest OUTPUT hostname
Worked perfectly and could not have done it without your awesomeness.
Thank you!
![nplamondon nplamondon](https://community.splunk.com/legacyfs/online/avatars/435332.jpg)
We're going to need more information to work with. For starters, what app are you working in? What have you tried? What isn't working? Screenshots are often helpful, too.
![archersplunk archersplunk](https://community.splunk.com/legacyfs/online/avatars/566014.jpg)
Thanks for your response and I apologize for lack of clarity.
I am working in the 'Network Toolkit' App under the 'Status Overview' portion to provide ICMP monitoring for various hosts.
Currently the 'Status Overview' provides a 'dest' field that contains an IP address, and I would like to create an additional 'hostname' field respectively for easier reference with the IP of a particular host.
Splunk support has provided me with a suggestion in creating a lookup which contains an IP address and Hostname imported via CSV file for each host. I've managed to create a lookup, but trying to use the 'inputlookup' command is failing for me probably because I am a noob and not using it correctly.
An additional option is under 'Settings' / 'Data Inputs' / 'Ping'. Within this dash there is a 'name' field which is populated when entering a new host from this dash. If I could somehow grab that field from here and merge with the data in the 'Status Overview' dash, that could work too.
Any assist would be greatly appreciated on this. Btw I tried importing screen snips but don't see where to import within this.
- Thanks