Solved: Lookup from CSV and output another column

logtastic · ‎06-07-2021

Hello,

I am comparing a host.csv file with two columns "IP" and "DNS" I want to compare the IP column to my base search and also output the DNS column from the CSV. I have the following working by renaming the IP column from my CSV to the src_ip field in Splunk but I need help with outputting the DNS column from excel:

index=test 
    [| inputlookup hosts.csv 
    | rename IP as src_ip
    | fields src_ip]
| stats count(src_ip) by sourcetype

I tried a few things but no luck. Thank you!

venkatasri · ‎06-07-2021

Hi @logtastic

You can try following query.

index=test 
    [| inputlookup hosts.csv 
    | rename IP as src_ip
    | fields src_ip] 
| fields src_ip sourcetype
| lookup hosts.csv IP as src_ip OUTPUTNEW dns
| stats count(src_ip) by sourcetype

-------------

An upvote would be appreciated if it helps!

View solution in original post

venkatasri · ‎06-07-2021

Hi @logtastic

You can try following query.

index=test 
    [| inputlookup hosts.csv 
    | rename IP as src_ip
    | fields src_ip] 
| fields src_ip sourcetype
| lookup hosts.csv IP as src_ip OUTPUTNEW dns
| stats count(src_ip) by sourcetype

-------------

An upvote would be appreciated if it helps!

Lookup from CSV and output another column

field extraction

fields

join

lookup

subsearch

Observe and Secure All Apps with Splunk

What's New in Splunk Observability - August 2025

Introduction to Splunk AI

Are you a member of the Splunk Community?

Lookup from CSV and output another column