Hey all,
Does anyone know why this isn't working (I'm a new Splunk user)? I'm trying to show the errorMessageFilter, errorCode and errorAlertValue from the CSV file in the table.
CSV file:
errorMessage,errorMessageFilter,errorCode,errorAlertValue Test1,Value1,1,10 Test2,Value2,2,10 Test3,Value3,3,100 Test4,Value4,5,100 Test5,Value5,5,100
And this is my query so far:
index = index1 cf_app_name = app1 [ | inputlookup critical_errors.csv | table errorMessageFilter | rename errorMessageFilter as msg | format ] AND NOT NULL | lookup critical_errors.csv errorMessageFilter OUTPUT errorCode, errorAlertValue | eval time = strftime(timestamp/1000000000,"%a %b %d, %Y, %T") | table time, cf_space_name, cf_app_name, msg, errorCode, errorAlertValue
Everything in the table results shows fine, with the exception of errorCode and errorAlertValue. These 2 are empty.
... View more