Building for the Splunk Platform
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Help using outputlookup command to display fields on CSV header.

jip31
Motivator
‎06-18-2020 01:08 AM

Hi,

I use a scheduled search in order to generate a CSV lookup automatically:

 

patch

 

 

 

| table Computer Site OSVersion
| rename Computer as host
| outputlookup host.csv

 

 

But on the first line of the CSV, I need to display the 3 fields on the header like host, site, and OS version.

If I add these fields in the CSV before running the search, I would like to know if these fields are going to be deleted when the search is finished?

Thanks.

Labels (2)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

gcusello
Esteemed Legend
‎06-18-2020 03:12 AM

Hi @jip31 ,

You can use outputlookup on an existing lookup, so you can create the lookup header (with the fields you like) using e.g. Lookup Editor App.

What do you need to create: a lookup or a csv file?

If a lookup, you don't need to insert header.

If a csv file, use outputcsv instead outputlookup and header is automatically inserted.

You could also add the header but it it's unuseful.

Ciao.

Giuseppe

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

gcusello
Esteemed Legend
‎06-18-2020 03:12 AM

Hi @jip31 ,

You can use outputlookup on an existing lookup, so you can create the lookup header (with the fields you like) using e.g. Lookup Editor App.

What do you need to create: a lookup or a csv file?

If a lookup, you don't need to insert header.

If a csv file, use outputcsv instead outputlookup and header is automatically inserted.

You could also add the header but it it's unuseful.

Ciao.

Giuseppe

0 Karma
Reply
Solved! Jump to solution

FrankVl
Ultra Champion
‎06-18-2020 02:54 AM

The outputlookup command will put the header row in place as well.

0 Karma
Reply
Get Updates on the Splunk Community!

Don't wait! Accept the Mission Possible: Splunk Adoption Challenge Now and Win ...

Attention everyone! We have exciting news to share! We are recruiting new members for the Mission Possible: ...

Unify Your SecOps with Splunk Mission Control

In today’s post, I'm excited to share some recent Splunk Mission Control innovations. With Splunk Mission ...

Data Preparation Made Easy: SPL2 for Edge Processor

By now, you may have heard the exciting news that Edge Processor, the easy-to-use Splunk data preparation tool ...