I have an input lookup file called windows.CSV and have another .CSV file which contains host, sourcetype, and source details.
How can we map these columns into the existing lookup file or merge two files into a single file?
Is it possible? Please suggest me.
Host, Sourcetype and Source
| inputlookup windows.csv | lookup other.csv host | outputlookup merged.csv
This assumes that both are lookups (you didn't say that about the other.csv) if it's not then assuming it in var/run/splunk:
| inputcsv other.csv | lookup windows.csv | outputlookup merged.csv
Please suggest me, how to marge two files in to single file. Common key for both file is Hostname and SourceType.
i should get only column of Hostname and SourceType not any other columns.
The file name is available below.
| inputlookup new_windows_devices.csv | inputlookup Windows.csv
I believe you can accomplish this by utilizing the append=t functionality of inputlookup. i.e.
| inputlookup windows.csv | inputlookup other.csv append=t
Please let me know if this answers your question!