Good morning,
So I have a table of "name / disc / timestamp" and am trying to run a pre-written Python script on that specific name of server + corresponding disc.
| python_pdc disk SAMPLE_SERVER "SAMPLE_DISC" | count(eval(percentage < 90%))
==> One row of information.
If I would like to repeat this process for the entire set of table, how could this be implemented?
Thank you in advance,
I would appreciate your input.
Jack
p.s.
Table:
name disc time
paoc2ock1d 😧 06/23/15
=> | python_pdc disk paoc2ock1d "D:" | count(eval(percentage < 90%)) as count
Expected output:
count
2
1) Create a lookup table in Splunk with sample_server and sample_disc
2) Run below command
|inputlookup table.csv | fields sample_server sample_disc | python_pdc sample_server sample_disc | count(eval(percentage < 90%)) as count