9/25/2023

Splunk tutorial part 3

Now that you have defined the prices_lookup, you can see the fields from that lookup in your search results.

Show the lookup fields in your search results

Because the prices_lookup is an automatic lookup, the fields from the lookup table will automatically appear in your search results.

- From the Automatic Lookups window, click the Apps menu in the Splunk bar.
- Click Search & Reporting to return to the Search app.
- Run the following search to locate all of the web access activity.
- Scroll through the list of Interesting Fields in the Fields sidebar, and find the price field. This field is added to your events from the automatic lookup you created.
- Click price to open the summary dialog box for that field.

The summary dialog box contains a lot of information about the price field. For example, the price field appears in more than 50% of the events. There is a set of built-in reports that you can access. Several aggregate calculations, such as average, minimum, and standard deviation, are listed. A count and percentage of how many events each price appears in are also shown.

This moves the price field from the list of Interesting Fields to the list of Selected Fields in the Fields sidebar.

- Scroll through the list of Interesting Fields in the Fields sidebar, and find the productName field.
- Click productName to open the summary dialog box for the field.

Both the price and the productName fields appear in the Selected Fields list and in the search results. Notice that not every event shows the price and the productName fields.

When you set up the automatic lookup, you specified that the productId field in your indexed events corresponds to the productId field in the prices.csv file. When you run a search, the Splunk software uses that relationship to retrieve, or look up, data from the prices.csv file. This enables you to specify the productName and price fields in your search criteria.

Example: Display the product names and prices

The product name and price information does not exist in your indexed fields. This information exists in the lookup file, prices.csv.

You can show a list of the Buttercup Games product names and the corresponding prices by using the stats command to output a table that lists the prices by product. The search also uses the AS keyword and the rename command.
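The productId relationship described above, modelled in Python as an added example (not code from the tutorial or from Splunk), showing why some events never receive price and productName and what a prices-by-product table then contains. The CSV rows, product IDs, names, prices, events and function names are all constructed for illustration.

```python
import csv
import io

# Constructed stand-in for prices.csv; IDs, names and prices are sample values.
PRICES_CSV = """productId,productName,price
P-001,Sample Game A,24.99
P-002,Sample Game B,39.99
P-003,Sample Game C,4.99
"""

# Constructed events: only some web access events carry a productId field.
EVENTS = [
    {"clientip": "192.0.2.10", "action": "purchase", "productId": "P-001"},
    {"clientip": "192.0.2.11", "action": "view"},
    {"clientip": "192.0.2.12", "action": "addtocart", "productId": "P-002"},
    {"clientip": "192.0.2.13", "action": "view", "productId": "P-999"},
    {"clientip": "192.0.2.14", "action": "purchase", "productId": "P-001"},
]


def load_lookup(text, key="productId"):
    """Index the lookup rows by the field shared with the events."""
    return {row[key]: row for row in csv.DictReader(io.StringIO(text))}


def apply_lookup(events, table, key="productId"):
    """Copy lookup fields onto each event whose key matches a lookup row."""
    enriched = []
    for event in events:
        out = dict(event)
        row = table.get(event.get(key))
        if row:
            out.update({k: v for k, v in row.items() if k != key})
        enriched.append(out)
    return enriched


def prices_by_product(events):
    """Distinct prices per productName, with the column renamed for display."""
    grouped = {}
    for event in events:
        if "productName" in event:
            grouped.setdefault(event["productName"], set()).add(event["price"])
    return [{"Product Name": n, "Price": sorted(p)} for n, p in sorted(grouped.items())]


ENRICHED = apply_lookup(EVENTS, load_lookup(PRICES_CSV))
```

The fourth event has a productId that the lookup file does not contain, so it stays unenriched exactly like the event with no productId at all; any search that filters on price or productName would leave both out.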