Re: How to search a list of names and compare it t...

atebysandwich · ‎02-10-2023

I have two lists: one has a list of hostnames and another has a list of prefixes to hostnames. I would like to create a search with an output showing hosts that do not have a name containing any of the prefixes in the second list.

Example:

Inputlookup Lookup

Hostname Hostname Prefix

appletown town
treeville tree

I would like to create a search showing a list of hostnames from the first list that do not contain any of the hostnames in the second.

andrew_nelson · ‎02-10-2023

You could use wildcard matching on the prefix lookup.

Create your prefix lookup like this :
prefix, match_type
*tree*, Tree
*town*, Town

Then create a lookup definition for the prefix lookup with the additional settings WILDCARD(prefix)

You can then run a search like

|inputlookup hostsfile
| lookup prefix_lookup_definition prefix as Hostname

How to search a list of names and compare it to a different list of names?

lookup

Prove Your Splunk Prowess at .conf25—No Prereqs Required!

Splunk Observability Cloud's AI Assistant in Action Series: Observability as Code

Splunk Answers Content Calendar, July Edition I

Are you a member of the Splunk Community?

How to search a list of names and compare it to a different list of names?

lookup

Prove Your Splunk Prowess at .conf25—No Prereqs Required!

Splunk Observability Cloud's AI Assistant in Action Series: Observability as Code

Splunk Answers Content Calendar, July Edition I