topic Re: How do I add a host name from another index to a scheduled report which has a table from other index? in Deployment Architecture https://community.splunk.com/t5/Deployment-Architecture/How-do-I-add-a-host-name-from-another-index-to-a-scheduled/m-p/360505#M19335 <P>Hi pragi_eashwar,<BR /> you can follow two ways:</P> <UL> <LI>if you have a more or less static situation, you can put your hostnames and IPs in a lookup and use it to insert hostames in your report;</LI> <LI>if you have a dynamic situation, you can use commands like appendpipe or join to add the hostname to each row of your report.</LI> </UL> <P>I suggest to use Lookup because is quicker.</P> <P>Your can manage hostnames in you lookup using a scheduled search, every night (or a different frequency) e.g.:</P> <PRE><CODE>your_search | dedup host | table host ip </CODE></PRE> <P>after you can use it </P> <PRE><CODE>index=a threat=critical vulnerability=high | lookup hostnames.csv ip OUTPUT host | table ip host a b c </CODE></PRE> <P>Bye.<BR /> Giuseppe</P> Wed, 03 May 2017 09:54:14 GMT gcusello 2017-05-03T09:54:14Z How do I add a host name from another index to a scheduled report which has a table from other index? https://community.splunk.com/t5/Deployment-Architecture/How-do-I-add-a-host-name-from-another-index-to-a-scheduled/m-p/360504#M19334 <P>Scheduled report <BR /> Query<BR /> Index=a threat=critical vulnerability=high | table ip,a,b,c <BR /> Requirement <BR /> How to add host name of the ip to this report which is present in the Logs situated in another index ? </P> Wed, 03 May 2017 07:54:58 GMT https://community.splunk.com/t5/Deployment-Architecture/How-do-I-add-a-host-name-from-another-index-to-a-scheduled/m-p/360504#M19334 pragi_eashwar 2017-05-03T07:54:58Z Re: How do I add a host name from another index to a scheduled report which has a table from other index? https://community.splunk.com/t5/Deployment-Architecture/How-do-I-add-a-host-name-from-another-index-to-a-scheduled/m-p/360505#M19335 <P>Hi pragi_eashwar,<BR /> you can follow two ways:</P> <UL> <LI>if you have a more or less static situation, you can put your hostnames and IPs in a lookup and use it to insert hostames in your report;</LI> <LI>if you have a dynamic situation, you can use commands like appendpipe or join to add the hostname to each row of your report.</LI> </UL> <P>I suggest to use Lookup because is quicker.</P> <P>Your can manage hostnames in you lookup using a scheduled search, every night (or a different frequency) e.g.:</P> <PRE><CODE>your_search | dedup host | table host ip </CODE></PRE> <P>after you can use it </P> <PRE><CODE>index=a threat=critical vulnerability=high | lookup hostnames.csv ip OUTPUT host | table ip host a b c </CODE></PRE> <P>Bye.<BR /> Giuseppe</P> Wed, 03 May 2017 09:54:14 GMT https://community.splunk.com/t5/Deployment-Architecture/How-do-I-add-a-host-name-from-another-index-to-a-scheduled/m-p/360505#M19335 gcusello 2017-05-03T09:54:14Z