Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to search a list of names and compare it to a different list of names?

atebysandwich
Path Finder
‎02-10-2023 09:26 AM

I have two lists: one has a list of hostnames and another has a list of prefixes to hostnames. I would like to create a search with an output showing hosts that do not have a name containing  any of the prefixes in the second list. 

Example: 

Inputlookup                                         Lookup

Hostname                                             Hostname Prefix

appletown                                             town
treeville                                                   tree

I would like to create a search showing a list of hostnames from the first list that do not contain any of the hostnames in the second. 

Labels (1)
Labels
0 Karma
Reply

andrew_nelson
Communicator
‎02-10-2023 10:05 AM

You could use wildcard matching on the prefix lookup. 

Create your prefix lookup like this : 
prefix, match_type
*tree*, Tree
*town*, Town 

Then create a lookup definition for the prefix lookup with the additional settings WILDCARD(prefix)

You can then run a search like   

|inputlookup hostsfile 
| lookup prefix_lookup_definition prefix as Hostname



0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey

Can’t make it to .conf25? Join us online!

Watch Global Broadcast
Get Updates on the Splunk Community!

Take Action Automatically on Splunk Alerts with Red Hat Ansible Automation Platform

 Are you ready to revolutionize your IT operations? As digital transformation accelerates, the demand for ...

Calling All Security Pros: Ready to Race Through Boston?

Hey Splunkers, .conf25 is heading to Boston and we’re kicking things off with something bold, competitive, and ...

Beyond Detection: How Splunk and Cisco Integrated Security Platforms Transform ...

Financial services organizations face an impossible equation: maintain 99.9% uptime for mission-critical ...