Re: lookup CSV file and then search server disk pe...

ravinayan_acc · ‎01-13-2022

Hi All,

I have done a index search for disk data and then lookup to the CSV to check as per the Application which servers data need to be displayed in the dashboard panel.

can some one suggest me how to get the application data in CSV as per Application and then pull the disk performance data from the index.

Please suggest. as I am do the below. but not able to use the sv_value in index search.

| inputlookup Server_details.csv | search Application="app name"
| stats dc(Server) as "Count of Server", values(Server) as Server by Application
| eval Server = mvjoin(Server, " OR ")
| stats values(Server) as sv_value

Please suggest.

Regards,

Nayan

tscroggins · ‎01-17-2022

@ravinayan_acc

If we assume you're using Splunk-provided operating system add-ons with performance inputs enabled on default indexes, and your lookup file contains one Server and Application entry per row, you can use this:

tag=performance tag=storage
    [| inputlookup Server_details.csv where Application="app name" 
    | table Server 
    | rename Serer as host ] 
| stats latest(storage_used_percent) by host mount

The tags will limit search results to storage metrics. The subsearch will limit search results to your application servers by application name.

lookup CSV file and then search server disk performance

lookup

search job inspector

What the End of Support for Splunk Add-on Builder Means for You

Solve, Learn, Repeat: New Puzzle Channel Now Live

Building Reliable Asset and Identity Frameworks in Splunk ES

Are you a member of the Splunk Community?