would inputs.csv be a better way to conduct this type of operation. Say i have 100 hosts comming in from my cmdb everyday and i want to run a report on 65 of thoese hostnames that are dynamic and are not going to be the same two days in a row. Is there a way to take the csv file that is going to be exported daily from my cmdb and then run it against a precreated report in splunk. This way i will not have to change the search query everyday and it will just run at a set time.
I have a lookup table that looks like this:
It is called host.csv
hostname
host1
host2
host3
host4
I do not understand why i can not import the information using the UI. I keep on getting this error message:Encountered the following error while trying to save: In handler 'lookup-table-files': File is binary and not gzipped
Then when i change it to binary, it says the same thing only though backwards. Does anyone have any suggestions? I am trying to set a lookup table equal to host1 host2 host3 host4 and then when i call the table it will run against all of these hosts. Any help would be helpful. This is the first lookup table i have ever created.
This issue happened with me when I've a column that has German letters ü,ß,ä ...
after I removed this column from csv file it uploaded successfully
would inputs.csv be a better way to conduct this type of operation. Say i have 100 hosts comming in from my cmdb everyday and i want to run a report on 65 of thoese hostnames that are dynamic and are not going to be the same two days in a row. Is there a way to take the csv file that is going to be exported daily from my cmdb and then run it against a precreated report in splunk. This way i will not have to change the search query everyday and it will just run at a set time.
Also check to see that the file is saved in UTF-8 format.
This probably won't be the most helpful posting (sorry)...there was a previous Answer about this that points to (possibly hidden) special characters. Is that a possibility here? And I assume you are following the procedure in the documentation for doing lookups from a static file, and you've edited transforms.conf and props.conf and restarted Splunk?
I am trying to edit the transforms and props.conf files, i am just not sure if this is possible to do. I just want to grab the information from those host1,2,3,4 and set it equal to hostname.