Splunk Search

CSV lookup only updating 10 entries in the same day.

hrs2019
Path Finder

II am using this lookup for bot status.
I am using the "submit" button to save the status info. (disconnected or connected)

I have added a screenshot:

alt text

| inputlookup status.csv
| append [ makeresults | eval Time= strftime(_time,"%Y-%m-%d %H:%M:%S") 
| eval "DI Name"="I9", "Bot Name"="CD1","Support poc"="sam","Support Team"="IA",Status="disconnected"] 
| top "DI Name" "Bot Name" "Support poc" "Support Team" Status Time 
| table "DI Name" "Bot Name" "Support poc" "Support Team" Status Time   
| outputlookup status.csv  
| head 1
0 Karma

richgalloway
SplunkTrust
SplunkTrust

The top command defaults to 10 results. Try top 10000 "DI Name" "Bot Name" "Support poc" "Support Team" Status Time.

---
If this reply helps you, an upvote would be appreciated.
0 Karma

hrs2019
Path Finder

@richgalloway for recent events check i want only the one top event which is submitted recently

0 Karma

richgalloway
SplunkTrust
SplunkTrust

Then you don't want top. top returns the most common events based on the specified field(s). To get the most recent, use head or sort.

---
If this reply helps you, an upvote would be appreciated.
0 Karma

hrs2019
Path Finder

Hi Thanks for your reply @richgalloway
no, it is not working after adding 1000 for the top. append lookup is not creating any field more than 10 .
actually I am using this lookup for bot status.
i am using the submit button to save the status info. (disconnected or connected)

i have added the screenshot also

0 Karma

richgalloway
SplunkTrust
SplunkTrust

What is the intended purpose of top?

---
If this reply helps you, an upvote would be appreciated.
0 Karma
Get Updates on the Splunk Community!

Cannot push config from deployer to search head cluster

Hello,I recently upgraded our deployer/deployment server from 8.1.6 to version 9.0 and when I try to push ...

Clear text password in command line

mogod command line argument having clear text password like "--sslPEMKeyPassword=password"how to avoid clear ...

Traffic logs from Splunk Add-on for Cisco Meraki

Recently deployed this add-on, but it doesn't seem to bring back Traffic or URL logs like we did when using ...