Hello,
It doesn't work, here's my research:

index="dc_winaudit" host=IN1101D9 OR host=IN1101DA OR host=IN1101DB OR host="IN1101DC" OR host="in1101dd" OR host="IN1101DE" OR host="IN1102D1" OR host="IN1102D2" OR host="IN1102D3" OR host="IN1102D4" OR host="IN1102D5" OR host="IN1102D7" OR host="IN1102D8" OR host="IN1102DC" OR host="IN1102DD" OR host="IN1102DE" OR host="IN1102DG" OR host="IN1102DH" OR host="IN1102DI" OR host="IN1102DJ" OR host="IN1104D1" OR host="IN1104D2" OR host="IN1104D3" OR host="IN1104D4" OR host="IN1104D5" OR host="IN1104D6" OR host="IN1104D7" OR host="IN1104DH" OR host="IN1104DI" OR host="IN1104DJ" OR host="IN4000D2" OR host="IN8000D2" OR host="IN7201D1" OR host="IN7202D2" OR host="IN7202D3" OR host="IN7201D1" OR host="IN7201D2" OR host="IN7201D3" OR host="IN9901D1" OR host="IN9901D2" OR host="IN9901D3" OR host="IN9901D4" OR host="IN9902D1" OR host="IN9902D2" OR host="IN9902D3" OR host="IN9902D4"
|rename Target_Domain as Domaine
|table host Domaine
|dedup host
|eval collecte=if(action = success,"Non","Oui")

I created a csv file to simplify, in my CSV file there is only one column it is the one of the host.

I would like to know how I can get exactly the same results by doing my search this time with my csv file and index.

thank you

second remark , do not use a table and dedup in that order, it's expensive as the table can only happen on the sh, rely on the map reduce capabilities of splunk to get the work done on the indexers.

|table host Domaine
|dedup host

try

|dedup host
| table host Domaine

if your lookup file is a csv "mycsvlookup.csv" or "mycsvlookup", with a single column "host"

You should be able to call it with

  | inputlookup mycsvlookup

now try

index="dc_winaudit" [  | inputlookup mycsvlookup | table host ]

or maybe

index="dc_winaudit" [ search | inputlookup mycsvlookup | table host ]