lookup CSV file and then search server disk perfor...

ravinayan_acc · ‎01-13-2022

Hi All,

I have done a index search for disk data and then lookup to the CSV to check as per the Application which servers data need to be displayed in the dashboard panel.

can some one suggest me how to get the application data in CSV as per Application and then pull the disk performance data from the index.

Please suggest. as I am do the below. but not able to use the sv_value in index search.

| inputlookup Server_details.csv | search Application="app name"
| stats dc(Server) as "Count of Server", values(Server) as Server by Application
| eval Server = mvjoin(Server, " OR ")
| stats values(Server) as sv_value

Please suggest.

Regards,

Nayan

tscroggins · ‎01-17-2022

@ravinayan_acc

If we assume you're using Splunk-provided operating system add-ons with performance inputs enabled on default indexes, and your lookup file contains one Server and Application entry per row, you can use this:

tag=performance tag=storage
    [| inputlookup Server_details.csv where Application="app name" 
    | table Server 
    | rename Serer as host ] 
| stats latest(storage_used_percent) by host mount

The tags will limit search results to storage metrics. The subsearch will limit search results to your application servers by application name.

lookup CSV file and then search server disk performance

lookup

search job inspector

CX Day is Coming!

Strengthen Your Future: A Look Back at Splunk 10 Innovations and .conf25 Highlights!

Now Offering the AI Assistant Usage Dashboard in Cloud Monitoring Console

Are you a member of the Splunk Community?