Hello all,
I have created a form in Splunk that our Infra team uses to attest that they have conducted their daily system checks. Seems all the input side is working well now. The next challenge is pulling those daily audits to a search for displaying to management that we worker bees are busy.
I have the following search working, but it always pulls ALL the data in the .csv lookup vice just the current day.
| inputlookup DailyCheck.csv | stats count by _time, Administrator, CheckPerformed, CheckStatus, CheckType
Which results in:
| _time | Administrator | CheckPerformed | CheckStatus | CheckType | count |
|---|---|---|---|---|---|
| 2018-04-24 07:53:05 | Alvarez, Osie | Splunk | Complete, No Issues noted | Daily | 1 |
| 2018-04-24 07:51:28 | Alliman, Jen | Satellite | Complete, No Issues noted | Daily | 1 |
| 2018-04-24 07:49:38 | Coldwell, Tony | Satellite | Complete, No Issues noted | Daily | 1 |
| 2018-04-23 11:05:48 | Coldwell, Tony | Satellite | Complete, No Issues noted | Daily | 1 |
| 2018-04-23 10:54:58 | Gonzo, Barney | Virtualization | Complete, No Issues noted | Daily | 1 |
| 2018-04-23 10:54:52 | Gonzo, Barney | | Complete, No Issues noted | Daily | 1 |
How on earth can I pull just the "Today" values from the lookup in my search so I can put it on management's dashboard?
P.S. Names have been changed to protect the probably innocent.
Many, many thanks!
Barry