Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to search a list of names and compare it to a different list of names?

atebysandwich
Path Finder
‎02-10-2023 09:26 AM

I have two lists: one has a list of hostnames and another has a list of prefixes to hostnames. I would like to create a search with an output showing hosts that do not have a name containing  any of the prefixes in the second list. 

Example: 

Inputlookup                                         Lookup

Hostname                                             Hostname Prefix

appletown                                             town
treeville                                                   tree

I would like to create a search showing a list of hostnames from the first list that do not contain any of the hostnames in the second. 

Labels (1)
Labels
0 Karma
Reply

andrew_nelson
Communicator
‎02-10-2023 10:05 AM

You could use wildcard matching on the prefix lookup. 

Create your prefix lookup like this : 
prefix, match_type
*tree*, Tree
*town*, Town 

Then create a lookup definition for the prefix lookup with the additional settings WILDCARD(prefix)

You can then run a search like   

|inputlookup hostsfile 
| lookup prefix_lookup_definition prefix as Hostname



0 Karma
Reply
Get Updates on the Splunk Community!

Best Strategies to Optimize Observability Costs

 Join us on Tuesday, May 6, 2025, at 11 AM PDT / 2 PM EDT for an insightful session on optimizing ...

Fueling your curiosity with new Splunk ILT and eLearning courses

At Splunk Education, we’re driven by curiosity—both ours and yours! That’s why we’re committed to delivering ...

Splunk AI Assistant for SPL 1.1.0 | Now Personalized to Your Environment for Greater ...

Splunk AI Assistant for SPL has transformed how users interact with Splunk, making it easier than ever to ...