Splunk Enterprise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

compare field from search with field from csv file

sarit_s
Communicator
‎08-24-2021 05:20 AM

Hello

I have csv file with host names

also, i have this query :

sourcetype="Perfmon:Windows Time Service" counter="Computed Time Offset"

this search returns the host name.

how can i search within the hosts in the csv file so only the ones from the file will return in my global search ?

thanks 

Labels (1)
Labels
Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

manjunathmeti
SplunkTrust
SplunkTrust
‎08-24-2021 05:28 AM

hi @sarit_s,

Assuming you field host in CSV file, you can filter in the main search only.

sourcetype="Perfmon:Windows Time Service" counter="Computed Time Offset" [| inputlookup filename.csv | field host | format]

 

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

manjunathmeti
SplunkTrust
SplunkTrust
‎08-24-2021 05:28 AM

hi @sarit_s,

Assuming you field host in CSV file, you can filter in the main search only.

sourcetype="Perfmon:Windows Time Service" counter="Computed Time Offset" [| inputlookup filename.csv | field host | format]

 

0 Karma
Reply
Get Updates on the Splunk Community!

Testing out the OpenTelemetry Collector With raw Data

This blog post is part of an ongoing series on OpenTelemetry. The OpenTelemetry project is the second largest ...

New Cloud Intrusion Detection System Add-on for Splunk

In July 2022 Splunk released the Cloud IDS add-on which expanded Splunk capabilities in security and data ...

Happy CX Day to our Community Superheroes!

Happy 10th Birthday CX Day!What is CX Day? It’s a global celebration recognizing innovation and success in the ...