I have a scenario where i have a data input which indexes logs from a Job Automation software. Each indexed job logs contains several field extractions. I am performing some computations and putting these results into a report. I don't believe the search string matters for the purposes of this issue, but if you need to see an example please let me know.

My issue comes from that there are a thousand jobs setup to run on a daily basis. If the jobs runs and succeeds or fails a log is generated and indexed by Splunk. I can report on this and life is good. However, if a job is skipped, missed, or does not run at all, NO log is created and thus does not show on the report.

I have a CSV file which contains all the jobs that are supposed to run. My question is what do you guys recommend to statically display ALL the job names from this input file and then join them with a search so that if I job did not run and no log was generated, it would show the name and the run times would be blank.

I am guessing the best case would be with using that CSV file as an input, but I have not been able to find an example search which would populate the input file in the report and then join in the results from the base search. If you guys could provide some guidance and examples, I would be most appreciative.

Thank you!