If I have a lookup table of 5groups, is it possible to have SPLUNK query activity against the groups in the lookup table
Lookup table
Group1
Group2
Group3
Group4
Group5
Groups1/3/5 has activity, Group 2/4 has no activity
My logs currently tracks hits each time the group has activity. How do i get splunk to query against the lookup table and show in a report:
Groups with Activity: 3
Groups with no Activity: 2
↧