lookup CSV file and then search server disk perfor...

ravinayan_acc · ‎01-13-2022

Hi All,

I have done a index search for disk data and then lookup to the CSV to check as per the Application which servers data need to be displayed in the dashboard panel.

can some one suggest me how to get the application data in CSV as per Application and then pull the disk performance data from the index.

Please suggest. as I am do the below. but not able to use the sv_value in index search.

| inputlookup Server_details.csv | search Application="app name"
| stats dc(Server) as "Count of Server", values(Server) as Server by Application
| eval Server = mvjoin(Server, " OR ")
| stats values(Server) as sv_value

Please suggest.

Regards,

Nayan

tscroggins · ‎01-17-2022

@ravinayan_acc

If we assume you're using Splunk-provided operating system add-ons with performance inputs enabled on default indexes, and your lookup file contains one Server and Application entry per row, you can use this:

tag=performance tag=storage
    [| inputlookup Server_details.csv where Application="app name" 
    | table Server 
    | rename Serer as host ] 
| stats latest(storage_used_percent) by host mount

The tags will limit search results to storage metrics. The subsearch will limit search results to your application servers by application name.

lookup CSV file and then search server disk performance

lookup

search job inspector

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

What’s New in Splunk Observability – September 2025

Fun with Regular Expression - multiples of nine

Are you a member of the Splunk Community?