Splunk Search

Splunk matters

Explorer

Anyone knows how to develop batch jobs to process and produce the required information for Field Lookup?

Tags (3)
0 Karma

Builder

I guess this depends a bit on what you want to do. We have some Linux cron jobs that run periodically (perl scripts) that run SQL against a database to get the values we care about, then write that out to a CSV file daily. There are some safeguards so as not to overwrite the existing good file with a bad one in case the SQL fails for example.

Splunk is then configured to do lookups using those CSV files.

In our case, it was a perl script, but really anything you can write that creates CSVs would work.

But that's for lookups. From your question, I'm wondering a little bit if you aren't referring to field extractions rather than lookups?

0 Karma

Explorer

You had misunderstood my comments...What I want to know is how to get those .csv files for e.g(cpu,mem) in order for me to do the automatic lookup? I was using windows platform for this and I want that extra information of the lookup to be appeared in the event panel(in the dashboard view). I've tried export the results out based on someone posted in the forum and followed the instructions but I couldn't get it. Do I need a log file so that the Splunk app will know which log file to put for automatic lookup?If so,how to do that because I'm a newbie for Splunk.

0 Karma

Explorer

What I meant is how to develop the batch jobs to produce extra information for CPU,memory saved searches I had done e.g(top 10 process by cpu,top 10 process by mem).Do I need to create or get a .csv file online in order to do the field lookup?

0 Karma

Splunk Employee
Splunk Employee

Please update your post to provide more details.

0 Karma