Hi all,
I have .csv file with the multiple columns. But only one will be used to compare results, name of that column is exampleIP.
My goal is to compare ip address from that column with the column client.ipaddress from index=blah. If it matches, output new column: Match with the results of Yes or No.
exampleip
--------------
1.1.1.1
2.2.2.2
3.3.3.3
index=blah
| table client.ipaddress
2.2.2.2
3.3.3.3
desired output
|table exampleip, client.ipaddress, match
---------
1.1.1.1 | | No
2.2.2.2 | 2.2.2.2 | yes
3.3.3.3 | 3.3.3.3 | yes
I have already tried to apply different answers from similar subjects but no luck.
Also, is there a way to add other columns from index=blah in the end table result?
Thanks all in advance
hi @dblagojevic,
Try this:
index=blah
| lookup csv_filename.csv exampleip as client.ipaddress OUTPUT exampleip
| eval match=if('client.ipaddress'== exampleip, "yes", "no")
hi @dblagojevic,
Try this:
index=blah
| lookup csv_filename.csv exampleip as client.ipaddress OUTPUT exampleip
| eval match=if('client.ipaddress'== exampleip, "yes", "no")
Hi @manjunathmeti ,
Thanks for your answer. It worked as a charm. I have just added:
| table client.ipaddress, exampleip, match, and of other interesting columns
If i may ask additional question: do you think that this could be done if a column exampleip contains cidr ranges?
For example: 10.0.1.0/24
It is possible using CSV lookup
test.csv
iprange
10.0.1.0/24
10.0.2.0/24
Query
index=blah | lookup user_friendly_name iprange as client.ipaddress OUTPUT iprange | eval match=if(isnotnull(iprange),"yes","no")
No that's not possible using csv lookup. If you few values for exampleip then you can use cidrmatch function like below:
index=blah | eval client_ipaddress = 'client.ipaddress', match=if(cidrmatch("10.0.1.0/24", client_ipaddress), "yes", "no")