Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

inputlookup query table fields

MGlass
Explorer
‎12-22-2023 09:08 AM

I am running the current search using the network toolkit but will not show the hostname field from the csv, do I need to do another inputlookup at the end of the search.

| inputlookup iphost.csv
| search src_ipV4=* hostname=*
| rename src_ipV4 as host
| stats values(host) as host
| mvexpand host
| map maxsearches=50 search="| ping host=$host$ count=1 | eval dest=if(isnull(dest),host,dest) | fields host dest received"
| table host dest received hostname

Labels (1)
Labels
0 Karma
Reply

dtburrows3
Builder
‎12-22-2023 09:19 AM

Since you are piping to a map command the final resulting dataset you are presented with are from the inner search of that map command. You should be able to use hostname as a token inside that inner search to get it to show up in the final results.

Something like this.

 

| inputlookup iphost.csv
| search src_ipV4=* hostname=*
| rename src_ipV4 as host
| stats values(host) as host by hostname
| mvexpand host
| map maxsearches=50 search="| ping host=$host$ count=1 | eval dest=if(isnull(dest),host,dest), hostname=\"$hostname$\" | fields host dest received, hostname"
| table host dest received hostname

 

 

0 Karma
Reply

MGlass
Explorer
‎12-22-2023 12:00 PM

Looks like it works but the received results are the same for each host, I have 7 of  8 servers offline and they all show received responses.

0 Karma
Reply
Get Updates on the Splunk Community!

.conf25 Community Recap

Hello Splunkers, And just like that, .conf25 is in the books! What an incredible few days — full of learning, ...

Splunk App Developers | .conf25 Recap & What’s Next

If you stopped by the Builder Bar at .conf25 this year, thank you! The retro tech beer garden vibes were ...

Congratulations to the 2025-2026 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...