I Need to take a CSV file as input with a list of UF hostnames and check if they are reporting to splunk deployment server in a dashbaord
you could run something like this:
| metasearch index=_internal | dedup host | table host | outputlookup perimeter.csv
in this way you have a list of host that reported in a period (e.g. last month) and the list is saved in a lookup called perimeter.cav.
You can manage this lookup in two ways:
the first solution is easier but gives you less control: is there's an host that didn't connect in the last month you don't detect the missing one.
The second solution, requires more work, but gives you more control.
To my customers, I hint the second solution!
Then you can run a search like this to check if there's some host missing:
| metasearch index=_internal | eval host=lower(host) | stats count BY host | append [ | inputlookup perimeter.csv | eval host=lower(host), count=0 | fields host count ] | stats sum(count) AS total BY host | where total=0