Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to search a list of names and compare it to a different list of names?

atebysandwich
Path Finder
‎02-10-2023 09:26 AM

I have two lists: one has a list of hostnames and another has a list of prefixes to hostnames. I would like to create a search with an output showing hosts that do not have a name containing  any of the prefixes in the second list. 

Example: 

Inputlookup                                         Lookup

Hostname                                             Hostname Prefix

appletown                                             town
treeville                                                   tree

I would like to create a search showing a list of hostnames from the first list that do not contain any of the hostnames in the second. 

Labels (1)
Labels
0 Karma
Reply

andrew_nelson
Communicator
‎02-10-2023 10:05 AM

You could use wildcard matching on the prefix lookup. 

Create your prefix lookup like this : 
prefix, match_type
*tree*, Tree
*town*, Town 

Then create a lookup definition for the prefix lookup with the additional settings WILDCARD(prefix)

You can then run a search like   

|inputlookup hostsfile 
| lookup prefix_lookup_definition prefix as Hostname



0 Karma
Reply
Get Updates on the Splunk Community!

Introducing the Splunk Community Dashboard Challenge!

Welcome to Splunk Community Dashboard Challenge! This is your chance to showcase your skills in creating ...

Wondering How to Build Resiliency in the Cloud?

IT leaders are choosing Splunk Cloud as an ideal cloud transformation platform to drive business resilience,  ...

Updated Data Management and AWS GDI Inventory in Splunk Observability

We’re making some changes to Data Management and Infrastructure Inventory for AWS. The Data Management page, ...