Splunk Search
Highlighted

How can Splunk loop through a list of numbers and do an action against each of them?

Super Champion

We have got a problem to find a list of 500+ client servers (but less than 1000), which are missing DNS entries. the servers have a pattern luckily . Let's say for example, the server names are myhost001 to myhost999

So we want to loop through all those servers and do a dnslookup

|makeresults
| eval src_host_001="myhost001"
...
| eval src_host_999="myhost999"
| foreach src_host_* [eval src_host=<<FIELD>>]
|lookup dnslookup clienthost as src_host OUTPUTNEW clientip

Is there a way, we can loop using a pattern, so I don't want to use a lookup file or external csv?
Ideally the logic I'm trying to replicate is
for a range of myhost[0-9][0-9][0-9] , loop through each of them and do a dnslookup

So something like in sort of

for id in $( seq 1 999 ); do {
    src_host=myhost${id}
   ##|lookup dnslookup clienthost as ${src_host} OUTPUTNEW clientip
}

thanks in advance

Highlighted

Re: How can Splunk loop through a list of numbers and do an action against each of them?

SplunkTrust
SplunkTrust

TBH, this is probably easier to do with a bash script.

---
If this reply helps you, an upvote would be appreciated.
Highlighted

Re: How can Splunk loop through a list of numbers and do an action against each of them?

Super Champion

wished we had got access to backend 🙂

0 Karma
Highlighted

Re: How can Splunk loop through a list of numbers and do an action against each of them?

Influencer

Hi @koshyk,

Try this:

| makeresults count=999 
| eval number = 1 
| streamstats sum(number) as number 
| eval src_host=case(len(number)==1, "myhost00".number, len(number)==2, "myhost0".number, 1==1, "myhost".number)
| lookup dnslookup clienthost as src_host OUTPUTNEW clientip
0 Karma
Highlighted

Re: How can Splunk loop through a list of numbers and do an action against each of them?

Ultra Champion
| makeresults count=999
| streamstats count 
| eval count=printf("%03d",count) 
| eval src_host="myhost".count
|lookup dnslookup clienthost as src_host OUTPUTNEW clientip

Hi, folks
How about this?

0 Karma
Speak Up for Splunk Careers!

We want to better understand the impact Splunk experience and expertise has has on individuals' careers, and help highlight the growing demand for Splunk skills.