Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

How to build a query which would take input CSV file and search for logs?

shahidkhan545
New Member
‎05-31-2022 04:42 PM

I am importing signin logs from azure and I want to built a query which should take input from a csv file (appid)

and search logs and display output for number of success and failures of signins per app

Labels (6)
0 Karma
Reply

yuanliu
SplunkTrust
SplunkTrust
‎05-31-2022 08:18 PM

@shahidkhan545 You need to explain the problem.  For starters, some sample data (anonymized) would help.  How do 'success' and 'failure' and 'appid' appear in the logs/events?  Are they in fields that are already extracted?  Suppose your event already comes with a field 'status' which can be 'success' or 'failure', and a field 'appid', you can count by something like

source = mysource
| stats count by appid status

 Why do you need a CSV file? (In other words, what is the structure and sample data in your CSV?)

Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Index This | What travels the world but is also stuck in place?

April 2026 Edition  Hayyy Splunk Education Enthusiasts and the Eternally Curious!   We’re back with this ...

Discover New Use Cases: Unlock Greater Value from Your Existing Splunk Data

Realizing the full potential of your Splunk investment requires more than just understanding current usage; it ...

Continue Your Journey: Join Session 2 of the Data Management and Federation Bootcamp ...

As data volumes continue to grow and environments become more distributed, managing and optimizing data ...