I am new to Splunk. Can someone please help me with the case below?
My log looks like this:
Msg="SUCCESS" or "FAIL"
I have a lookup file with configuration names. What I have to do is: if I find a log for the Config, it needs to be marked as found, or else not found, and then I have to take the Missing_dates count (need to consider Missing_dates_1, Missing_dates_2; it's dynamic and based on the field Count_of_Missing_Date_Chunks) and display it as a table.
As of now, I have the query for non-dynamic chunks without the lookup file. Can someone please help me form the Splunk query for dynamic chunks and the file lookup? In the query below I am counting based on comma as a delimiter:
| where Msg="SUCCESS"
| eval count_of_missing_dates = mvcount(split(missing_dates, ","))
| table Name Config count_of_missing_dates Msg
The CSV file is in the format below:
The final table will have: Name, Config, count_of_missing_dates, Msg, Event_Status (Found/Not Found from the lookup)