Re: CSV lookup only updating 10 entries in the sam...

hrs2019 · ‎05-25-2020

II am using this lookup for bot status.
I am using the "submit" button to save the status info. (disconnected or connected)

I have added a screenshot:

| inputlookup status.csv
| append [ makeresults | eval Time= strftime(_time,"%Y-%m-%d %H:%M:%S") 
| eval "DI Name"="I9", "Bot Name"="CD1","Support poc"="sam","Support Team"="IA",Status="disconnected"] 
| top "DI Name" "Bot Name" "Support poc" "Support Team" Status Time 
| table "DI Name" "Bot Name" "Support poc" "Support Team" Status Time   
| outputlookup status.csv  
| head 1

richgalloway · ‎05-25-2020

The top command defaults to 10 results. Try top 10000 "DI Name" "Bot Name" "Support poc" "Support Team" Status Time.

---
If this reply helps you, Karma would be appreciated.

hrs2019 · ‎05-25-2020

@richgalloway for recent events check i want only the one top event which is submitted recently

richgalloway · ‎05-25-2020

Then you don't want top. top returns the most common events based on the specified field(s). To get the most recent, use head or sort.

---
If this reply helps you, Karma would be appreciated.

hrs2019 · ‎05-25-2020

Hi Thanks for your reply @richgalloway
no, it is not working after adding 1000 for the top. append lookup is not creating any field more than 10 .
actually I am using this lookup for bot status.
i am using the submit button to save the status info. (disconnected or connected)

i have added the screenshot also

richgalloway · ‎05-25-2020

What is the intended purpose of top?

---
If this reply helps you, Karma would be appreciated.

CSV lookup only updating 10 entries in the same day.

Introducing Splunk Enterprise 9.2

Adoption of RUM and APM at Splunk

Routing logs with Splunk OTel Collector for Kubernetes