Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Highlighted
Solved! Jump to solution

Extracting fields from look up file & calculating each field count

marellasunil
Communicator
‎03-20-2013 10:12 AM

Hi,
I am having a lookup csv file, I have uploaded it in Automatic lookup's with Application=ApplicationName & ServerName=host
Application_Name & host are listed in fields.
CSV file is as below

Application, Server_Name

App1, server1
App1, Server2
App1, Server3
App1, Server4
App2, Server2
App2, Server5
App2, Server6
App2, Server7

..| append [inputlookup serverslookup] | search Application="App1" | chart count over ServerName by Status
If I use the above command, I am getting the below output

Server count

server1 1
Server2 1
Server3 1
Server4 1

But If I run the query with host instead of Server_Name

Server count

server1 11
Server2 23
Server3 42
Server4 8
Which is actaul count.

Could you please help me to get the correct result by using lookfield

0 Karma
Reply
1 Solution
Highlighted
Solved! Jump to solution
Solution

Re: Extracting fields from look up file & calculating each field count

marellasunil
Communicator
‎03-21-2013 06:08 AM

Ooo, Worked now, Problem with the case sensitive....

View solution in original post

0 Karma
Reply