I have a CSV with multiple hundred email addresses and I am trying to run a report to determine which accounts are active, and their username within our domain. Is there a way to do this simply within Splunk?
Let me understand: you have in a csv a list containing hundreds of email addresses and you want to know which of them are active, is it correct?
To do this, you need a data flow from an email system or a front end web server used by your email system.
Then you have to load your csv in a lookup and then perform a search on your data, like this:
(hypothesis: index is called "email", csv file is called "email.csv", email field in email index is called "sender", email field in csv is called "email")
index=email
| eval sender=lower(sender)
| stats count BY sender
| append [| inputlookup email.csv | eval sender=lower(email), count=0 | fields sender count ]
| stats sum(count) AS total BY sender
| eval status=if(total=0,"Inactive","Active")
| sort sender
| table sender status
Thanks for the help!
Good for you, see you next time!
Ciao and happy splunking.
P.S.: Karma Points are appreciated 😉