Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Splunk matters

HY
Explorer
‎06-20-2011 06:10 PM

Anyone knows how to develop batch jobs to process and produce the required information for Field Lookup?

Tags (3)
0 Karma
Reply

mfrost8
Builder
‎06-23-2011 01:24 PM

I guess this depends a bit on what you want to do. We have some Linux cron jobs that run periodically (perl scripts) that run SQL against a database to get the values we care about, then write that out to a CSV file daily. There are some safeguards so as not to overwrite the existing good file with a bad one in case the SQL fails for example.

Splunk is then configured to do lookups using those CSV files.

In our case, it was a perl script, but really anything you can write that creates CSVs would work.

But that's for lookups. From your question, I'm wondering a little bit if you aren't referring to field extractions rather than lookups?

0 Karma
Reply

HY
Explorer
‎06-24-2011 02:44 AM

You had misunderstood my comments...What I want to know is how to get those .csv files for e.g(cpu,mem) in order for me to do the automatic lookup? I was using windows platform for this and I want that extra information of the lookup to be appeared in the event panel(in the dashboard view). I've tried export the results out based on someone posted in the forum and followed the instructions but I couldn't get it. Do I need a log file so that the Splunk app will know which log file to put for automatic lookup?If so,how to do that because I'm a newbie for Splunk.

0 Karma
Reply

HY
Explorer
‎06-21-2011 05:34 PM

What I meant is how to develop the batch jobs to produce extra information for CPU,memory saved searches I had done e.g(top 10 process by cpu,top 10 process by mem).Do I need to create or get a .csv file online in order to do the field lookup?

0 Karma
Reply

mw
Splunk Employee
Splunk Employee
‎06-21-2011 03:10 PM

Please update your post to provide more details.

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Index This | What travels the world but is also stuck in place?

April 2026 Edition  Hayyy Splunk Education Enthusiasts and the Eternally Curious!   We’re back with this ...

Discover New Use Cases: Unlock Greater Value from Your Existing Splunk Data

Realizing the full potential of your Splunk investment requires more than just understanding current usage; it ...

Continue Your Journey: Join Session 2 of the Data Management and Federation Bootcamp ...

As data volumes continue to grow and environments become more distributed, managing and optimizing data ...