So, here is an issue where I can't find some services (e.g, service x, service y. service z) under the field service_name in splunk itsi_summary index but the corresponding service_ids are there in itsi_summary index. However, when I am looking for those services in the lookup service_kpi_lookup I do find them under title field. When I do a simple search - index=itsi_summary | stats count serviceid - I am getting a count of 1029, but then again when I do - index=itsi_summary | stats count by service_name - I am getting a count of 1024, furthermore if I do - | inputlookup service_kpi_lookup | stats count by title - I am getting a count of 1029 So, there seems to be something broken that populates the service_name field in itsi_summary. Can anyone help me on this. Need to understand on - how this service_name field is getting populated.
... View more