I am trying to build a search that will display the Process status in each server. i have a lookup table called ipservices: host,IPService,Process server1,smtp,smtp server1,pexa_jboss,jboss server1,sshd,sshd server1,splunk_forwarder,splunkd server2,bipbroker,bipbroker server2,bipservice,bipservice server2,biphttplistener,biphttplistener server2,sshd,sshd server2,splunk_forwarder,splunkd server3,bipbroker,bipbroker server3,bipservice,bipservice server3,biphttplistener,biphttplistener server3,sshd,sshd server3,splunk_forwarder,splunkd server4,smtp,smtp server4,sshd,sshd server4,pexa_jboss,jboss server4,splunk_forwarder,splunkd server5,smtp,smtp server5,sshd,sshd server5,pexa_jboss,jboss server5,splunk_forwarder,splunkd The search should get the value in Process and host Field and then input them to the search where I use a match command which indicates if the process exists or not. 1 indicates that the process exists and is running, while 0 means does not exist and the process is down. Can someone help me to build the search to achieve this? I tried to use below search, but cant see any result. sourcetype=ps [| inputlookup ipservices | table Process] | eval processexists=if(match(_raw,"[| inputlookup ipservices | table Process]"),1,0) | stats max(processexists) as Status by host Please help. thanks ... View more

We install the SNMP Modular Input add-on in Slunk enterprise v6.1.4. After ssuccessfull installation as per the documentation, Im being redirected to "Monitoring of Java Virtual Machines with JMX" when selecting snmp_ta from the list of application? Anyone experience the same situation? Appreciate if you can share the solution, thanks alot, glen ... View more