Splunk Enterprise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

help on outputlookup field name

jip31
Motivator
‎11-02-2020 11:01 PM

hi

I use a scheduled search in order to generate a csv lookup

| inputlookup fo_all where TYPE="PC" 
| rename HOSTNAME as host 
| table host 
| outputlookup industrial_host.csv

As you can see, I identify a list of host in order to copy them in the lookup

but at the beginning of my lookyp, i need to have the name "host" and after the list of the host

how to do this please? 

Labels (1)
Labels
Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

t_shreya
Path Finder
‎11-02-2020 11:19 PM

Hi @jip31 

Your query will create the following lookup:

host
val1
val2
val3
........

Is this the way in which you require the lookup to be or some other format?

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

t_shreya
Path Finder
‎11-02-2020 11:19 PM

Hi @jip31 

Your query will create the following lookup:

host
val1
val2
val3
........

Is this the way in which you require the lookup to be or some other format?

0 Karma
Reply
Solved! Jump to solution

jip31
Motivator
‎11-03-2020 12:35 AM

Hi

OK I thought the header 'host" will not be created automatically.....

Thanks

0 Karma
Reply
Get Updates on the Splunk Community!

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

Take a look below to explore our upcoming Community Office Hours, Tech Talks, and Webinars this month. This ...

They're back! Join the SplunkTrust and MVP at .conf24

With our highly anticipated annual conference, .conf, comes the fez-wearers you can trust! The SplunkTrust, as ...

Enterprise Security Content Update (ESCU) | New Releases

Last month, the Splunk Threat Research Team had two releases of new security content via the Enterprise ...