cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
ngox0061
Explorer
Member since: ‎09-23-2020
‎09-25-2020
Community Statistics
Posts 3
Solutions 0
Karma Given 3
Karma Received 1
Member Since ‎09-23-2020
Activity Feed
Topics I've Started
View All

Re: How to create a lookup table

by in Splunk Search
‎09-23-2020 01:08 PM
‎09-23-2020 01:08 PM
I will try and follow your directions and give it a shot.  Thanks, richgalloway! ... View more

How to create a lookup table

by in Splunk Search
‎09-23-2020 11:52 AM
1 Karma
‎09-23-2020 11:52 AM
1 Karma
I'm new to Splunk and was wondering how to do a lookup table.  So what i'm trying to get is something like a lookup of:  index=_internal* log_level=WARN OR log_level=ERR host=XPxx9* OR host=GPxx7* OR host=fsr*   but instead of listing like 30 of the host names with OR arguments, what's the ideal way to do it? can someone provide examples? ... View more
Labels

Re: How to create a table which matches a lookup f...

by in Splunk Search
‎09-23-2020 11:17 AM
‎09-23-2020 11:17 AM
I'm new to Splunk and was wondering about the same thing. on the context below, is that the beginning of the search string? usually it starts with index=.....    So what i'm trying to get is a lookup of  index=_internal* log_level=WARN OR log_level=ERR host=XPxx9* OR host=GPxx7* OR host=fsr*   but instead of listing like 30 of the host names with OR arguments, what's the ideal way to do it?   | tstats count WHERE index=* by index host| table index host | lookup inventory.csv "Server Name" as host OUTPUT "Application Name" | where isnotnull('Application Name') | rename index as Index host as "Server Name"   ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎09-25-2020 06:19 PM
Karma from
View All
Karma given to
View All