Hello,
GOAL: determine if application server has logged based on a list of application ID codes
I have 2 csv lookups
Applicationlist.csv - contains: appID , appNAME
Applicationlist.csv is a subset of all applications listed in Applicationmetadata.csv.
| appID | appName |
| 5 | application_five |
| 24 | application_twentyfour |
| 35 | application_thrityfive |
| 120 | application_onehundtwnty |
Applicationmetadata.csv - contains: applicationID, applicationcode, appServerhostname , appServerIP,
| applicationID | applicationcode | appServerhostname | appServerIP | |
| 1 | app1 | webapp101 | 1.2.3.101 | |
| 1 | app1 | webapp1 | 1.2.3.1 | |
| 2 | app2 | sql46 | 1.2.4.5 | |
| 5 | app5 | sql234 | 1.2.5.67 | |
| 5 | app5 | apach32 | 1.2.5.6 | |
| 24 | app24 | webapp98 | 1.2.5.98 | |
| 29 | app29 | sql678 | 1.4.5.6 | |
| 35 | app35 | webapp35 | 1.7.8.99 | |
| 35 | app35 | sql909 | 1.7.8.9 | |
| 120 | app120 | rsatsl | 1.8.9.0 | |
*appID = applicationID. same data, different field name in each csv
* each applciation ususlly has more than 1 server
The index being refereed to collects not appserver logs, but server logging data. For example, the original index that the appserver logged to.
Desired results:
..... appmetadata, index(es)/sourcetype(s), Sorted by appID
| appID | appNAME | appServerhostname | original_index | original_sourcetype | |
| 5 | app_5 | hostname_5 | index1 | sourcetype_a | |
| 24 | app_24 | hostname_24 | index9 | sourcetype_x | |
| 35 | app_35 | hostname_35 | index11 | sourcetype_z | |
| 120 | app_120 | hostname_120 | index2 | sourcetype_b | |
* original_index and original_sourcetype are fields in the index that are linked to appServerhostname.
Thanks in advance for your help.
