Developing for Splunk Enterprise

Help using outputlookup command to display fields on CSV header.

jip31
Builder

Hi,

I use a scheduled search in order to generate a CSV lookup automatically:

 

patch

 

 

 

| table Computer Site OSVersion
| rename Computer as host
| outputlookup host.csv

 

 

But on the first line of the CSV, I need to display the 3 fields on the header like host, site, and OS version.

If I add these fields in the CSV before running the search, I would like to know if these fields are going to be deleted when the search is finished?

Thanks.

Labels (2)
0 Karma
1 Solution

gcusello
SplunkTrust
SplunkTrust

Hi @jip31 ,

You can use outputlookup on an existing lookup, so you can create the lookup header (with the fields you like) using e.g. Lookup Editor App.

What do you need to create: a lookup or a csv file?

If a lookup, you don't need to insert header.

If a csv file, use outputcsv instead outputlookup and header is automatically inserted.

You could also add the header but it it's unuseful.

Ciao.

Giuseppe

View solution in original post

0 Karma

gcusello
SplunkTrust
SplunkTrust

Hi @jip31 ,

You can use outputlookup on an existing lookup, so you can create the lookup header (with the fields you like) using e.g. Lookup Editor App.

What do you need to create: a lookup or a csv file?

If a lookup, you don't need to insert header.

If a csv file, use outputcsv instead outputlookup and header is automatically inserted.

You could also add the header but it it's unuseful.

Ciao.

Giuseppe

View solution in original post

0 Karma

FrankVl
Ultra Champion

The outputlookup command will put the header row in place as well.

0 Karma
.conf21 CFS Extended through 5/20!

Don't miss your chance
to share your Splunk
wisdom in-person or
virtually at .conf21!

Call for Speakers has
been extended through
Thursday, 5/20!