Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to search a list of names and compare it to a different list of names?

atebysandwich
Path Finder
‎02-10-2023 09:26 AM

I have two lists: one has a list of hostnames and another has a list of prefixes to hostnames. I would like to create a search with an output showing hosts that do not have a name containing  any of the prefixes in the second list. 

Example: 

Inputlookup                                         Lookup

Hostname                                             Hostname Prefix

appletown                                             town
treeville                                                   tree

I would like to create a search showing a list of hostnames from the first list that do not contain any of the hostnames in the second. 

Labels (1)
Labels
0 Karma
Reply

andrew_nelson
Communicator
‎02-10-2023 10:05 AM

You could use wildcard matching on the prefix lookup. 

Create your prefix lookup like this : 
prefix, match_type
*tree*, Tree
*town*, Town 

Then create a lookup definition for the prefix lookup with the additional settings WILDCARD(prefix)

You can then run a search like   

|inputlookup hostsfile 
| lookup prefix_lookup_definition prefix as Hostname



0 Karma
Reply
Get Updates on the Splunk Community!

Index This | When is October more than just the tenth month?

October 2025 Edition  Hayyy Splunk Education Enthusiasts and the Eternally Curious!   We’re back with this ...

Observe and Secure All Apps with Splunk

  Join Us for Our Next Tech Talk: Observe and Secure All Apps with SplunkAs organizations continue to innovate ...

What’s New & Next in Splunk SOAR

 Security teams today are dealing with more alerts, more tools, and more pressure than ever.  Join us for an ...