Splunk Dev
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Help using outputlookup command to display fields on CSV header.

jip31
Motivator
‎06-18-2020 01:08 AM

Hi,

I use a scheduled search in order to generate a CSV lookup automatically:

 

patch

 

 

 

| table Computer Site OSVersion
| rename Computer as host
| outputlookup host.csv

 

 

But on the first line of the CSV, I need to display the 3 fields on the header like host, site, and OS version.

If I add these fields in the CSV before running the search, I would like to know if these fields are going to be deleted when the search is finished?

Thanks.

Labels (1)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

gcusello
SplunkTrust
SplunkTrust
‎06-18-2020 03:12 AM

Hi @jip31 ,

You can use outputlookup on an existing lookup, so you can create the lookup header (with the fields you like) using e.g. Lookup Editor App.

What do you need to create: a lookup or a csv file?

If a lookup, you don't need to insert header.

If a csv file, use outputcsv instead outputlookup and header is automatically inserted.

You could also add the header but it it's unuseful.

Ciao.

Giuseppe

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

gcusello
SplunkTrust
SplunkTrust
‎06-18-2020 03:12 AM

Hi @jip31 ,

You can use outputlookup on an existing lookup, so you can create the lookup header (with the fields you like) using e.g. Lookup Editor App.

What do you need to create: a lookup or a csv file?

If a lookup, you don't need to insert header.

If a csv file, use outputcsv instead outputlookup and header is automatically inserted.

You could also add the header but it it's unuseful.

Ciao.

Giuseppe

0 Karma
Reply
Solved! Jump to solution

FrankVl
Ultra Champion
‎06-18-2020 02:54 AM

The outputlookup command will put the header row in place as well.

0 Karma
Reply
Get Updates on the Splunk Community!

Observe and Secure All Apps with Splunk

  Join Us for Our Next Tech Talk: Observe and Secure All Apps with SplunkAs organizations continue to innovate ...

Splunk Decoded: Business Transactions vs Business IQ

It’s the morning of Black Friday, and your e-commerce site is handling 10x normal traffic. Orders are flowing, ...

Fastest way to demo Observability

I’ve been having a lot of fun learning about Kubernetes and Observability. I set myself an interesting ...