I have an inputlookup that has a list of pod names that we expect to be deployed to an environment. The list would look something like: pod_name_lookup,importance
poda,non-critical
podb,crit...
See more...
I have an inputlookup that has a list of pod names that we expect to be deployed to an environment. The list would look something like: pod_name_lookup,importance
poda,non-critical
podb,critical
podc,critical We also have data in splunk that gives us pod_name, status, and importance. Results from the below search would look like this: index=abc sourcetype=kubectl
| table pod_name, status, importance
poda-284489-cs834 Running non-critical
podb-834hgv8-cn28s Running critical Note podc was not found.. I need to be able to compare the results from this search to the list from the inputlookup and show that podc was not found in the results and that it is a critical pod. Need to be able to count how many critical and non-critical pods are not found as well as table the list of missing pods. I have tried several iterations of searches but havent came across one that allows me to compare a search result to an inputlookup using a partial match. eval result=if(like(pod_name_lookup...etc is close but requires a pattern and not the wildcard value of a field. Thoughts?