Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to use lookup data from a CSV file to include missing logs for a more complete report?

kobie
New Member
‎09-08-2014 10:30 AM

I have a scenario where i have a data input which indexes logs from a Job Automation software. Each indexed job logs contains several field extractions. I am performing some computations and putting these results into a report. I don't believe the search string matters for the purposes of this issue, but if you need to see an example please let me know.

My issue comes from that there are a thousand jobs setup to run on a daily basis. If the jobs runs and succeeds or fails a log is generated and indexed by Splunk. I can report on this and life is good. However, if a job is skipped, missed, or does not run at all, NO log is created and thus does not show on the report.

I have a CSV file which contains all the jobs that are supposed to run. My question is what do you guys recommend to statically display ALL the job names from this input file and then join them with a search so that if I job did not run and no log was generated, it would show the name and the run times would be blank.

I am guessing the best case would be with using that CSV file as an input, but I have not been able to find an example search which would populate the input file in the report and then join in the results from the base search. If you guys could provide some guidance and examples, I would be most appreciative.

Thank you!

0 Karma
Reply

MuS
Legend
‎09-08-2014 11:09 AM

Hi kobie,

take a look at this http://answers.splunk.com/answers/73268/search-for-hosts-in-a-lookup-but-not-in-splunk and you will see an example on how to search for something in a lookup file but not in Splunk.

Hope this helps ...

cheers, MuS

Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey

Can’t make it to .conf25? Join us online!

Watch Global Broadcast
Get Updates on the Splunk Community!

Can’t Make It to Boston? Stream .conf25 and Learn with Haya Husain

Boston may be buzzing this September with Splunk University and .conf25, but you don’t have to pack a bag to ...

Splunk Lantern’s Guide to The Most Popular .conf25 Sessions

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Unlock What’s Next: The Splunk Cloud Platform at .conf25

In just a few days, Boston will be buzzing as the Splunk team and thousands of community members come together ...