Join the Conversation
- Find Answers
- :
- Splunk Administration
- :
- Getting Data In
- :
- Re: Adding (hostname) field to Uptime Monitoring /...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
What would be the best way to add 'hostname' field to the 'Status Overview' dash under Uptime Monitoring. I noticed under 'Data Inputs' / 'Ping' , a name(hostname) exists as new hosts are added. Would there be a way to join this field over into my data for 'Uptime Monitoring'? Been at this a while and seems like the answer is much more simple then I'm looking at this. Thanks.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Assuming the columns for your lookup table are titled "dest" and "hostname" and your lookup is named "hostnameLookup.csv" you would add the following to your search: " | lookup hostnameLookup.csv dest OUTPUT hostname
Complete search:
sourcetype="ping_input"
| stats sparkline(avg(avg_ping)) as sparkline_ping avg(avg_ping) as ping max(max_ping) as max_ping latest(packet_loss) as packet_loss latest(_time) as last_checked range(avg_ping) as range min(avg_ping) as min by dest
| search
| eval ping=round(ping, 0)." ms"
| eval average=round(avg_ping, 0)." ms"
| eval maximum=round(max_ping, 0)." ms"
| eval range=round(min, 0)." - ".round(min+range, 0)." ms"
| eval packet_loss=if(max_ping="NA",100,packet_loss)
| lookup hostnameLookup.csv dest OUTPUT hostname
| table dest hostname packet_loss last_checked ping max_ping range sparkline_ping
| timesince(last_checked,last_checked)
| sort -ping
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Assuming the columns for your lookup table are titled "dest" and "hostname" and your lookup is named "hostnameLookup.csv" you would add the following to your search: " | lookup hostnameLookup.csv dest OUTPUT hostname
Complete search:
sourcetype="ping_input"
| stats sparkline(avg(avg_ping)) as sparkline_ping avg(avg_ping) as ping max(max_ping) as max_ping latest(packet_loss) as packet_loss latest(_time) as last_checked range(avg_ping) as range min(avg_ping) as min by dest
| search
| eval ping=round(ping, 0)." ms"
| eval average=round(avg_ping, 0)." ms"
| eval maximum=round(max_ping, 0)." ms"
| eval range=round(min, 0)." - ".round(min+range, 0)." ms"
| eval packet_loss=if(max_ping="NA",100,packet_loss)
| lookup hostnameLookup.csv dest OUTPUT hostname
| table dest hostname packet_loss last_checked ping max_ping range sparkline_ping
| timesince(last_checked,last_checked)
| sort -ping
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thank you so much for this answer as it was 99% of the key to my resolution. The other 1% was adding in an 'as' to reference the IP field from the lookup to my data, then OUTPUT that to the newly created field
|lookup hostnameLookup.csv IP as dest OUTPUT hostname
Worked perfect and could not have done it without your awesomeness.
Thank you!
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
We're going to need more information to work with. For starters, what app are you working in? What have you tried? What isn't working? Screenshots are often helpful, too.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks for your response and I apologize for lack of clarity.
I am working in the 'Network Toolkit' App under the 'Status Overview' portion to provide ICMP monitoring for various hosts.
Currently the 'Status Overview' provides a 'dest' field that contains an IP address, and I would like to create an additional 'hostname' field respectively for easier reference with the IP of a particular host.
Splunk support has provided me with a suggestion in creating a lookup which contains an IP address and Hostname imported via CSV file for each host. I've managed to create a lookup, but trying to use the 'inputlookup' command is failing for me probably because I am a noob and not using it correctly.
An additional option is under 'Settings' / 'Data Inputs' / 'Ping' . Within this dash there is a 'name' field which is populated entering a new host from this dash. If I could somehow grab that field from here and merge with the data in the 'Status Overview' dash , that could work too.
Any assist would be greatly appreciated on this. Btw I tried importing screen snips but don't see where to import within this.
- Thanks
Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!
Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.
Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas
What Is the Name of the USB Key Inserted by Bob Smith? (BOTS Hint, Not the Answer)
Automating Threat Operations and Threat Hunting with Recorded Future
