Hello Team, I have a list of search names saved in csv format and resides in splunk as look up file(222 saved search names). I want to see number of times that saved search triggered alert in a day for 1 week. the search query I am using for the same is as follows "index=_internal sourcetype=scheduler alert_actions="*email*" status=success savedsearch_name=* " |timechart span=1d count by savedsearch_name instead of * in the above query for the filed savedsearch_name I want to use the saved search name from lookup table (csv file) and get the result for each saved search present there. could you please let me know how can I do that ?
... View more