https://community.splunk.com/t5/Splunk-Search/How-to-match-host-fields-between-two-separate-lookups/m-p/641198#M222150 <P>If you put two lists of names next to each other, what are the chances two names in the same row will match?&nbsp; That's what's happening here.</P><P><FONT face="courier new,courier">Appendpipe</FONT> is the answer to a rare set of problems.&nbsp; This is not one of them.</P><P>Pick one lookup as the base and use the <FONT face="georgia,palatino">lookup</FONT> command to see if the name exists in the other file.&nbsp; The command is case-insensitive so no need to shift case when comparing.&nbsp; If the name doesn't exist in the 2nd file then the <FONT face="courier new,courier">lookup</FONT> command will return NULL.</P><LI-CODE lang="markup">| inputlookup lookup1.csv | rex field=host "(?&lt;host&gt;[^.]+)\." | dedup host | lookup lookup2.csv Host as host OUTPUTNEW Host | eval results = if(isnotnull(Host), "hit", "miss") | table host Host results</LI-CODE><P>&nbsp;</P> Mon, 24 Apr 2023 21:57:50 GMT richgalloway 2023-04-24T21:57:50Z https://community.splunk.com/t5/Splunk-Search/How-to-match-host-fields-between-two-separate-lookups/m-p/641180#M222140 <P>Hello all,<BR /><BR />I have two lookups-- lookup1.csv with a "host" field and lookup2.csv with a "Host" field<BR /><BR />I want to see if any hosts match&nbsp;<BR /><BR />Pretty silly, but IM blanking on this for some reason&nbsp;</P> <P>here is how I was doing it, but it doesn't seem to find the hit (even when I add it in a matching host purposefully for testing)<BR /><BR /><SPAN><SPAN class="">| inputlookup lookup1.csv<BR />| rex field=host "(?&lt;host&gt;[^.]+)\."<BR />| dedup host<BR />| appendpipe [ | inputlookup lookup2.csv ]<BR />| table host Host<BR />| eval results = if(match(upper(Host),upper(host)), "hit", "miss")<BR />| table host Host results</SPAN></SPAN><BR /><BR /><BR /></P> Mon, 24 Apr 2023 19:04:11 GMT https://community.splunk.com/t5/Splunk-Search/How-to-match-host-fields-between-two-separate-lookups/m-p/641180#M222140 spluzer 2023-04-24T19:04:11Z https://community.splunk.com/t5/Splunk-Search/How-to-match-host-fields-between-two-separate-lookups/m-p/641198#M222150 <P>If you put two lists of names next to each other, what are the chances two names in the same row will match?&nbsp; That's what's happening here.</P><P><FONT face="courier new,courier">Appendpipe</FONT> is the answer to a rare set of problems.&nbsp; This is not one of them.</P><P>Pick one lookup as the base and use the <FONT face="georgia,palatino">lookup</FONT> command to see if the name exists in the other file.&nbsp; The command is case-insensitive so no need to shift case when comparing.&nbsp; If the name doesn't exist in the 2nd file then the <FONT face="courier new,courier">lookup</FONT> command will return NULL.</P><LI-CODE lang="markup">| inputlookup lookup1.csv | rex field=host "(?&lt;host&gt;[^.]+)\." | dedup host | lookup lookup2.csv Host as host OUTPUTNEW Host | eval results = if(isnotnull(Host), "hit", "miss") | table host Host results</LI-CODE><P>&nbsp;</P> Mon, 24 Apr 2023 21:57:50 GMT https://community.splunk.com/t5/Splunk-Search/How-to-match-host-fields-between-two-separate-lookups/m-p/641198#M222150 richgalloway 2023-04-24T21:57:50Z