Splunk Search

help on basic table

jip31
Motivator

Hello

I use the search below :

[| inputlookup host.csv 
    | table host] index="x" sourcetype="PerfmonMk:Process" process_name=chrome ("%_Processor_Time"=0) 
| lookup lookup_cmdb_fo_all.csv HOSTNAME as host output SITE 
| search SITE=$tok_filtersite|s$ 
| stats  count(process_name) as Total by host
| sort -Total limit=10

I need to display host, SITE and Total fields
I m doing

   | table host SITE Total

But SITE doenst display
What I have to do please?

Tags (1)
0 Karma
1 Solution

harsmarvania57
Ultra Champion

Hi,

When you use stats in your query it will drop remaining fields. So try this | stats count(process_name) as Total, values(SITE) as SITE by host

View solution in original post

0 Karma

harsmarvania57
Ultra Champion

Hi,

When you use stats in your query it will drop remaining fields. So try this | stats count(process_name) as Total, values(SITE) as SITE by host

0 Karma

jip31
Motivator

Oh many thanks

0 Karma
Get Updates on the Splunk Community!

See just what you’ve been missing | Observability tracks at Splunk University

Looking to sharpen your observability skills so you can better understand how to collect and analyze data from ...

Weezer at .conf25? Say it ain’t so!

Hello Splunkers, The countdown to .conf25 is on-and we've just turned up the volume! We're thrilled to ...

How SC4S Makes Suricata Logs Ingestion Simple

Network security monitoring has become increasingly critical for organizations of all sizes. Splunk has ...