Hello,
Thank you so much for your prompt response. This query is perfect and looks good to use in production.
However, one interesting thing I have observed here is, I have two lookup files,
First Lookup file format
id_number, time, url_list, .............
We are using above query posted by you for above CSV lookup file format which works perfectly.
But when I am trying to use the same query for my second lookup table it won't work
Second Lookup format
county, contact, address, domain, ............
Now, the same thing I would like to execute for the above lookup format, in turn, I am using below query,
index=mcafee sourcetype=mcafee:webgateway [|inputlookup URL_TWO| rename domain as url | fields url] | stats count by usrName, time_taken, httpStatus, method, dstIP, urlCategories
Unfortunately, this query is not matching with the value listed within the CSV file, whereas the same query works perfectly for the first lookup table format.
Can you please suggest where I am missing in this query?
Thanks,
... View more