Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Pulling two inputlookups (csv files) and graphing their information

lehrfeld
Path Finder
‎02-16-2015 11:40 AM

Hi All - I am trying to do some simple reporting on two lookup files we have.

Lookup File A

time number
2015-01-16 100
2015-01-17 200
2015-01-18 300
2015-01-18 600
2015-01-18 700

Lookup File B
time count
2015-01-16 700
2015-01-17 800
2015-01-18 900
2015-01-18 200
2015-01-18 300

I would like to sum(count) by time and sum(number) by time then produce a line chart. But I can't figure out how to use both of the lookup tables.

My last iteration looked like this.

| inputlookup email_into_edge.csv |
appendcols [| inputlookup email_into_forefront.csv
| stats sum(count) AS into_forefront by time]
| stats sum(number) AS into_edge by time

Thanks for any tips, Mike

Tags (2)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

somesoni2
SplunkTrust
SplunkTrust
‎02-16-2015 12:14 PM

Give this a try

| inputlookup email_into_edge.csv | stats sum(number) AS into_edge by time
| appendcols [| inputlookup email_into_forefront.csv | stats sum(count) AS into_forefront by time] 
 | stats sum(*) as * by time

View solution in original post

Reply
Solved! Jump to solution
Solution

somesoni2
SplunkTrust
SplunkTrust
‎02-16-2015 12:14 PM

Give this a try

| inputlookup email_into_edge.csv | stats sum(number) AS into_edge by time
| appendcols [| inputlookup email_into_forefront.csv | stats sum(count) AS into_forefront by time] 
 | stats sum(*) as * by time
Reply
Solved! Jump to solution

lehrfeld
Path Finder
‎02-16-2015 01:09 PM

Thanks for the reply.... for some reason I was getting weird results. The summing was off... so I did a join on time and that did it.

| inputlookup email_into_forefront.csv
| stats sum(count) AS into_forefront
by time | join time [| inputlookup
email_into_edge.csv | stats
sum(number) AS into_edge by time ]

0 Karma
Reply
Get Updates on the Splunk Community!

Observability Unveiled: Navigating OpenTelemetry's Framework and Deployment Options

Observability Unveiled: Navigating OpenTelemetry's Framework and Deployment Options A recent Tech Talk, ...

Observability | How to Think About Instrumentation Overhead (White Paper)

Novice observability practitioners are often overly obsessed with performance. They might approach ...

Cloud Platform | Get Resiliency in the Cloud Event (Register Now!)

IDC Report: Enterprises Gain Higher Efficiency and Resiliency With Migration to Cloud  Today many enterprises ...