Splunk Dev
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Help using outputlookup command to display fields on CSV header.

jip31
Motivator
‎06-18-2020 01:08 AM

Hi,

I use a scheduled search in order to generate a CSV lookup automatically:

 

patch

 

 

 

| table Computer Site OSVersion
| rename Computer as host
| outputlookup host.csv

 

 

But on the first line of the CSV, I need to display the 3 fields on the header like host, site, and OS version.

If I add these fields in the CSV before running the search, I would like to know if these fields are going to be deleted when the search is finished?

Thanks.

Labels (1)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

gcusello
SplunkTrust
SplunkTrust
‎06-18-2020 03:12 AM

Hi @jip31 ,

You can use outputlookup on an existing lookup, so you can create the lookup header (with the fields you like) using e.g. Lookup Editor App.

What do you need to create: a lookup or a csv file?

If a lookup, you don't need to insert header.

If a csv file, use outputcsv instead outputlookup and header is automatically inserted.

You could also add the header but it it's unuseful.

Ciao.

Giuseppe

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

gcusello
SplunkTrust
SplunkTrust
‎06-18-2020 03:12 AM

Hi @jip31 ,

You can use outputlookup on an existing lookup, so you can create the lookup header (with the fields you like) using e.g. Lookup Editor App.

What do you need to create: a lookup or a csv file?

If a lookup, you don't need to insert header.

If a csv file, use outputcsv instead outputlookup and header is automatically inserted.

You could also add the header but it it's unuseful.

Ciao.

Giuseppe

0 Karma
Reply
Solved! Jump to solution

FrankVl
Ultra Champion
‎06-18-2020 02:54 AM

The outputlookup command will put the header row in place as well.

0 Karma
Reply
Get Updates on the Splunk Community!

Cultivate Your Career Growth with Fresh Splunk Training

Growth doesn’t just happen—it’s nurtured. Like tending a garden, developing your Splunk skills takes the right ...

Introducing a Smarter Way to Discover Apps on Splunkbase

We’re excited to announce the launch of a foundational enhancement to Splunkbase: App Tiering.  Because we’ve ...

How to Send Splunk Observability Alerts to Webex teams in Minutes

As a Developer Evangelist at Splunk, my team and I are constantly tinkering with technology to explore its ...
Top