Solved: Lookup from CSV and output another column

logtastic · ‎06-07-2021

Hello,

I am comparing a host.csv file with two columns "IP" and "DNS" I want to compare the IP column to my base search and also output the DNS column from the CSV. I have the following working by renaming the IP column from my CSV to the src_ip field in Splunk but I need help with outputting the DNS column from excel:

index=test 
    [| inputlookup hosts.csv 
    | rename IP as src_ip
    | fields src_ip]
| stats count(src_ip) by sourcetype

I tried a few things but no luck. Thank you!

venkatasri · ‎06-07-2021

Hi @logtastic

You can try following query.

index=test 
    [| inputlookup hosts.csv 
    | rename IP as src_ip
    | fields src_ip] 
| fields src_ip sourcetype
| lookup hosts.csv IP as src_ip OUTPUTNEW dns
| stats count(src_ip) by sourcetype

-------------

An upvote would be appreciated if it helps!

View solution in original post

venkatasri · ‎06-07-2021

Hi @logtastic

You can try following query.

index=test 
    [| inputlookup hosts.csv 
    | rename IP as src_ip
    | fields src_ip] 
| fields src_ip sourcetype
| lookup hosts.csv IP as src_ip OUTPUTNEW dns
| stats count(src_ip) by sourcetype

-------------

An upvote would be appreciated if it helps!

Lookup from CSV and output another column

field extraction

fields

join

lookup

subsearch

[Puzzles] Solve, Learn, Repeat: Dynamic formatting from XML events

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

Stronger Security with Federated Search for S3, GCP SQL & Australian Threat ...

Join the Conversation

Lookup from CSV and output another column