Let's assume the network_device index contains a field called ip_address that holds the IP address of a host. Let's also assume you have a lookup table called hostnames.csv with two fields: ip_address and hostname.
To get a host name from an IP address, a query might look something like this.
index=network_device ip_address=*
| lookup hostnames.csv ip_address OUTPUT hostname
| table ip_address hostname
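An added example, not part of the original answer: the same lookup, extended to handle addresses that have no row in hostnames.csv. `lookup` leaves `hostname` empty for those events, so the search below labels them and summarizes per address. The label `unresolved` and the output field names `events` and `last_seen` are assumptions chosen for illustration.

```spl
index=network_device ip_address=*
| lookup hostnames.csv ip_address OUTPUT hostname
| eval hostname=coalesce(hostname, "unresolved")
| stats count AS events latest(_time) AS last_seen BY ip_address hostname
| eval last_seen=strftime(last_seen, "%Y-%m-%d %H:%M:%S")
| sort - events
```

Rows where hostname is `unresolved` are addresses seen in the index but missing from the lookup table.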
Hi @np_hwp,
if the fields in your lookup are called ip and hostname and the field in the search is called ip, you could run something like this:
index=network_device
| lookup your_lookup.csv ip OUTPUT hostname
| table ip hostname
For more info, see the lookup command: https://docs.splunk.com/Documentation/Splunk/8.2.4/SearchReference/Lookup
Ciao.
Giuseppe
Hi @np_hwp,
good for you, see you next time!
Ciao and happy splunking.
Giuseppe
P.S.: Karma Points are appreciated by all the Contributors 😉