Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Splunk matters

HY
Explorer
‎06-20-2011 06:10 PM

Anyone knows how to develop batch jobs to process and produce the required information for Field Lookup?

Tags (3)
0 Karma
Reply

mfrost8
Builder
‎06-23-2011 01:24 PM

I guess this depends a bit on what you want to do. We have some Linux cron jobs that run periodically (perl scripts) that run SQL against a database to get the values we care about, then write that out to a CSV file daily. There are some safeguards so as not to overwrite the existing good file with a bad one in case the SQL fails for example.

Splunk is then configured to do lookups using those CSV files.

In our case, it was a perl script, but really anything you can write that creates CSVs would work.

But that's for lookups. From your question, I'm wondering a little bit if you aren't referring to field extractions rather than lookups?

0 Karma
Reply

HY
Explorer
‎06-24-2011 02:44 AM

You had misunderstood my comments...What I want to know is how to get those .csv files for e.g(cpu,mem) in order for me to do the automatic lookup? I was using windows platform for this and I want that extra information of the lookup to be appeared in the event panel(in the dashboard view). I've tried export the results out based on someone posted in the forum and followed the instructions but I couldn't get it. Do I need a log file so that the Splunk app will know which log file to put for automatic lookup?If so,how to do that because I'm a newbie for Splunk.

0 Karma
Reply

HY
Explorer
‎06-21-2011 05:34 PM

What I meant is how to develop the batch jobs to produce extra information for CPU,memory saved searches I had done e.g(top 10 process by cpu,top 10 process by mem).Do I need to create or get a .csv file online in order to do the field lookup?

0 Karma
Reply

mw
Splunk Employee
Splunk Employee
‎06-21-2011 03:10 PM

Please update your post to provide more details.

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Get Updates on the Splunk Community!

Data Persistence in the OpenTelemetry Collector

This blog post is part of an ongoing series on OpenTelemetry. What happens if the OpenTelemetry collector ...

Introducing Splunk 10.0: Smarter, Faster, and More Powerful Than Ever

Now On Demand Whether you're managing complex deployments or looking to future-proof your data ...

Community Content Calendar, September edition

Welcome to another insightful post from our Community Content Calendar! We're thrilled to continue bringing ...