×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
synsoc
New Member
Member since: ‎08-03-2011
‎06-05-2020
Community Statistics
Posts 2
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎08-03-2011
Activity Feed
Topics I've Started
View All

Re: inputlookup loops

by in Splunk Search
‎06-27-2017 12:17 PM
‎06-27-2017 12:17 PM
Just needed to add ,server below and it worked perfectly. Thanks! |table _time,tnow,timediff,server ... View more

inputlookup loops

by in Splunk Search
‎06-26-2017 06:16 AM
‎06-26-2017 06:16 AM
The idea is my hosts will write a status message to a log file that gets picked up by Splunk and put into a shared index with all others servers. I then want to go through a list of servers via an inputlookup to see when the last time they reported their status was. I can get the time diff to work, but I can't find a way to go through all my servers ie like a for loop. Any suggestions? input.csv: ServerName,Environment,App serverA,Prod,database serverB,Dev,webserver base search: index="server_health" "pulse_detected" | head 1 | eval tnow = now() | eval timediff = (tnow - _time)| eval timediff = timediff/60/60| convert ctime(tnow) |table _time,tnow,timediff I've tried various versions of this below and just can't wrap my head around how it should work 😞 |indexlookup server.csv | table Server [ index="server_health" "pulse_detected" | head 1 | eval tnow = now() | eval timediff = (tnow - _time)| eval timediff = timediff/60/60| convert ctime(tnow) |table _time,tnow,timediff} ] ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-05-2020 02:03 AM