Dashboards & Visualizations
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Even though automatic lookup fields work, why does it not appear on the Statistics table and Dashboard?

alexantao
Path Finder
‎03-19-2019 11:50 AM

Hi, I used to work on Splunk but stopped 2 years ago and now I'm rusty.
Could someone help me with this issue ?

I have a firewall log and it has the port/protocol the user access, each one in you field ( dst_port - ex 443, transport - UDP/TCP ) and the service field like 443/tcp.

First made a table (with works) to display the most used port/protocol: 

 |top service

Now, I'd like to show that table but with the name/description of that protocol. Soo I downloaded IANA' s App and installed. Then I created a automatic Lookup that gets the dst_pot and protocol and outputs it's "Service Name" and "Service Description" fields.
When I perform a search (like the above), I can see the new fields on field list.
But when I create de table those new fields are always empty. Tried a lot of other variations of commands but none works:

|chart count by service | table "Service Name", "Service Description", service, count
|top service | table "Service Name", "Service Description", service, count

What am I doing wrong here ?
Thanks.

0 Karma
Reply
Get Updates on the Splunk Community!

Announcing Scheduled Export GA for Dashboard Studio

We're excited to announce the general availability of Scheduled Export for Dashboard Studio. Starting in ...

Extending Observability Content to Splunk Cloud

Watch Now!   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to leverage ...

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!

What if there was a way you could keep all the metrics data you need while saving on storage costs?This is now ...