Solved: How to take index names from a CSV file and run a ...

varad_joshi · ‎09-03-2015

I need to find various information (counts, last and first event received time, etc) on indexes listed in a CSV file. There will be a time when index names will be added and hence, I don't want to hardcode my search with index names. I want to keep them in CSV so its easy to update.

tom_frotscher · ‎09-03-2015

Hi,

you can use a subsearch:

[| inputlookup myindexes.csv | table index] | rest of your search

In this example, imagine there is a csv file with a column "index" and in this column you list all your indexes.
The subsearch is resolved like this

 index=index1 OR index2 ...

Splunk interprets your search like this:

index=index1 OR index=index2 ... | rest of your search

Greetings

Tom

View solution in original post

tom_frotscher · ‎09-03-2015

Hi,

you can use a subsearch:

[| inputlookup myindexes.csv | table index] | rest of your search

In this example, imagine there is a csv file with a column "index" and in this column you list all your indexes.
The subsearch is resolved like this

 index=index1 OR index2 ...

Splunk interprets your search like this:

index=index1 OR index=index2 ... | rest of your search

Greetings

Tom

varad_joshi · ‎09-07-2015

Thanks Tom, first option worked flawlessly. Appreciate your help.

How to take index names from a CSV file and run a stats count on the listed index names?

Stay Connected: Your Guide to July Tech Talks, Office Hours, and Webinars!

Updated Data Type Articles, Anniversary Celebrations, and More on Splunk Lantern

A Prelude to .conf25: Your Guide to Splunk University

Are you a member of the Splunk Community?

How to take index names from a CSV file and run a stats count on the listed index names?

Stay Connected: Your Guide to July Tech Talks, Office Hours, and Webinars!

Updated Data Type Articles, Anniversary Celebrations, and More on Splunk Lantern

A Prelude to .conf25: Your Guide to Splunk University