Splunk Enterprise 7x
I am basically trying to get this to work:
https://answers.splunk.com/answers/519950/ho-to-get-search-input-from-csv-file.html
I have created a .csv, inported it, and created a lookup definition. I am trying to filter the results of a "*" search for service status such that it only displays the services listed in the .csv.
eventtype=hostmon_winows Type=Service host="SCCM" (Name="*") Startmode="*" State= "*" [ |inputlookup SCCMServicesCSV.csv |fields ServiceName] | dedup host, Name | table host, Name, Startmode, State
This query is from the Windows App. It works just fine when the lookup section isn't included.
Can someone tell me what I am doing wrong?
Thank you,
Ron Jones
... View more