Join the Conversation
- Find Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- Help for Doing a Count from a Dropdown List
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Help for Doing a Count from a Dropdown List
hello
I use the search below which works fine
[| inputlookup host.csv
| table host] index="x" sourcetype=XmlWinEventLog source="XmlWinEventLog:System" EventCode=1067 (Level=1 OR Level=2 OR Level=3)
| dedup host
| lookup lookup_cmdb_fo_all.csv HOSTNAME as host output SITE
| search SITE=$tok_filtersite|s$
| stats count as NbEventCodeHost
| appendcols
[| inputlookup host.csv
| stats count as NbIndHost]
| eval Perc=round((NbEventCodeHost/NbIndHost)*100,2). " %" + " / " + NbIndHost + " machines "
| table Perc
But I need an improvement for NbIndHost
Actually this value is just a global count in inputlookup host.csv
What I need is to do a count from the site selected in my dropdown filter (| search SITE=$tok_filtersite|s$ )
It means that I have to match
So I tried to do something like that :
[| inputlookup host.csv
| table host] index="ai-wkst-wineventlog-fr" sourcetype=XmlWinEventLog source="XmlWinEventLog:System" EventCode=1067 (Level=1 OR Level=2 OR Level=3)
| dedup host
| lookup lookup_cmdb_fo_all.csv HOSTNAME as host output SITE
| search SITE=$tok_filtersite|s$
| stats count as NbEventCodeHost
| appendcols
[| inputlookup host.csv | lookup lookup_cmdb_fo_all.csv HOSTNAME as host output SITE
| search SITE=$tok_filtersite|s$
| stats count as NbIndHost
]
| eval Perc=round((NbEventCodeHost/NbIndHost)*100,2). " %" + " / " + NbIndHost + " machines "
| table Perc
It works BUT
When I m doing [| inputlookup host.csv | | stats count as NbIndHost ] I have 40 machines
But when I execute my search with * (so it means all machines in the CSV file) in the dropdown menu I have only 35 machines
Have you an idea where are the 5 machines lacking??
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @jip31,
Better way to ask here is give your lookup data and explain your requirement, and Splunk Ninjas here will help you write and understand the query. As it is just dropdown query and you are using lookup commnad thrice.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Do all your host.csv value have SITE associated with it? You can check it by running this
| inputlookup host.csv | lookup lookup_cmdb_fo_all.csv HOSTNAME as host output SITE
| table host SITE
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
you are right contrary of what said the business, some host have no site, so my search is good many thanks
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Cant see any visible fault here.
Guessing, if there can be a size limit for drop down. Can you check by sorting your results if you are able to see missing ones then.
Application management with Targeted Application Install for Victoria Experience
Index This | What goes up and never comes down?
Splunkers, Pack Your Bags: Why Cisco Live EMEA is Your Next Big Destination
