https://community.splunk.com/t5/Splunk-Search/inputlookup-query-table-fields/m-p/672633#M230355 <P>Looks like it works but the received results are the same for each host, I have 7 of&nbsp; 8 servers offline and they all show received responses.</P> Fri, 22 Dec 2023 20:00:24 GMT MGlass 2023-12-22T20:00:24Z https://community.splunk.com/t5/Splunk-Search/inputlookup-query-table-fields/m-p/672622#M230353 <P>I am running the current search using the network toolkit but will not show the hostname field from the csv, do I need to do another inputlookup at the end of the search.</P><P>| inputlookup iphost.csv<BR />| search src_ipV4=* hostname=*<BR />| rename src_ipV4 as host<BR />| stats values(host) as host<BR />| mvexpand host<BR />| map maxsearches=50 search="| ping host=$host$ count=1 | eval dest=if(isnull(dest),host,dest) | fields host dest received"<BR />| table host dest received hostname</P> Fri, 22 Dec 2023 17:08:17 GMT https://community.splunk.com/t5/Splunk-Search/inputlookup-query-table-fields/m-p/672622#M230353 MGlass 2023-12-22T17:08:17Z https://community.splunk.com/t5/Splunk-Search/inputlookup-query-table-fields/m-p/672624#M230354 <P>Since you are piping to a map command the final resulting dataset you are presented with are from the inner search of that map command. You should be able to use hostname as a token inside that inner search to get it to show up in the final results.<BR /><BR />Something like this.<BR /><BR /></P><P>&nbsp;</P><LI-CODE lang="markup">| inputlookup iphost.csv | search src_ipV4=* hostname=* | rename src_ipV4 as host | stats values(host) as host by hostname | mvexpand host | map maxsearches=50 search="| ping host=$host$ count=1 | eval dest=if(isnull(dest),host,dest), hostname=\"$hostname$\" | fields host dest received, hostname" | table host dest received hostname</LI-CODE><P>&nbsp;</P><P>&nbsp;</P> Fri, 22 Dec 2023 17:28:31 GMT https://community.splunk.com/t5/Splunk-Search/inputlookup-query-table-fields/m-p/672624#M230354 dtburrows3 2023-12-22T17:28:31Z https://community.splunk.com/t5/Splunk-Search/inputlookup-query-table-fields/m-p/672633#M230355 <P>Looks like it works but the received results are the same for each host, I have 7 of&nbsp; 8 servers offline and they all show received responses.</P> Fri, 22 Dec 2023 20:00:24 GMT https://community.splunk.com/t5/Splunk-Search/inputlookup-query-table-fields/m-p/672633#M230355 MGlass 2023-12-22T20:00:24Z