I have a list of search names saved in CSV format that resides in Splunk as a lookup file (222 saved search names). I want to see the number of times that saved search triggered an alert in a day for 1 week. The search query I am using for the same is as follows:

index=_internal sourcetype=scheduler alert_actions="*email*" status=success savedsearch_name=* | timechart span=1d count by savedsearch_name

Instead of * in the above query for the field savedsearch_name, I want to use the saved search name from the lookup table (CSV file) and get the result for each saved search present there.
I assume you are using a saved search to generate the CSV file for the listed example. If so, go into $Splunk_Home/etc/apps/Search/local/savedsearches.conf and find the name of the search you are using to generate the CSV. If you are using a custom app, replace "Search" with the name of your App!