Re: IP to Name

vistasyslog · ‎01-11-2013

I cannot get the hostnames in place of IP's on the summary screen. I need to get it done through the .csv file option and not DNS.

.CSV file contents reads :

IP,Name
10.12.0.132,AUS-BROCADE-10G-2
10.12.100.9,AUS-VG1
10.12.100.8,AUS-VG2

Transforms.conf :

[hostnames]
filename = hostnames.csv

props.conf :

[access_combined]
Lookup-hostnames = Hostnames ip AS IP OUTPUT Name

Can you tell me if there is something that I need to change.

I have added the .csv file as a lookup table, pointed a lookup definition to it.
When I perform this search :

sourcetype="syslog" | lookup hostnames host AS IP OUTPUT Name

I get the following error :

Error in 'lookup' command: Could not find all of the specified lookup fields in the lookup table

The .csv file is in the system/lookups folder.

Ayn · ‎01-11-2013

You have the fields in the wrong order in your lookup command, they should be the other way around:

... | lookup hostnames IP AS host OUTPUT Name

Ayn · ‎01-11-2013

It's not "Lookup", it's LOOKUP, all caps.

vistasyslog · ‎01-11-2013

My entire props.conf reads :

[source::udp:514]
TRANSFORMS-changesourcetype = riverbed_steelhead, sourcetype_cisco_asa

[access_combined]
Lookup-hostnames = hostnames ip AS IP OUTPUTNEW Name

vistasyslog · ‎01-11-2013

I tried this command., I still get the same error.
I also get the error :

Possible Typo in the first stanza [access_combined] in props.conf file.

IP to Name