Hi All,
I have a lookup containing username, hostname and I also have an assets index storing hostname, mac, ip. I'm trying to merge data from the 2 to generate an up-to-date assets lookup for Enterprise Security. So something that will iterate all entries in the lookup and search against the assets index using hostname.
I'm not sure how to best go about this, should I be using a subsearch or join or something else? Please advise, I've tried playing around with subsearches to no avail so far.
Any help would be greatly appreciated.
Cheers
Sam
Hi,
how about a lookup command to merge them together?
| lookup yourcsv hostname OUTPUT username
After that you can pipe your results into a new csv file via outputcsv
Hi,
Thanks for your reply. This is what I'm looking to do but I need to merge data from the assets index into the output too, so something like:
inputlookup hosts | [index=assets | table hostname,mac,ip] | [ get mac,ip here from search using hostnames from inputlookup] | output username, hostname, mac ip
Hope this makes sense?
Cheers
Sam
Hi Sam,
no it really doesn't make much sense, but I'm trying to suggest something.
index=assets | fields hostname, mac, ip | lookup yourlookupcsv hostname OUTPUT username | table username, hostname, mac, ip
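The search above, carried through to a written lookup file, as an added example that is not part of the original post. The output file name `placeholder_es_assets.csv` is a placeholder, the `nt_host` and `owner` renames assume the target is the Enterprise Security asset lookup format, and the `lower()` step assumes the hostnames in `yourlookupcsv` are stored in lowercase, because CSV lookups match case-sensitively by default:

```spl
index=assets
| eval hostname=lower(hostname)
| stats latest(mac) AS mac latest(ip) AS ip BY hostname
| lookup yourlookupcsv hostname OUTPUT username
| rename hostname AS nt_host, username AS owner
| table ip, mac, nt_host, owner
| outputlookup placeholder_es_assets.csv
```

The `stats ... BY hostname` step keeps one row per host with its most recent mac and ip, so repeated events in the index do not produce duplicate asset rows. Because the search is driven by the index, hosts that exist only in the lookup are not written to the output.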
Hi Pyro,
I think this might be close to what I want! It isn't quite working yet but I will play around with it. Many thanks, I think this may have put me on the right track. Will let you know how I get on.
Cheers
Sam
Good luck on that. 🙂
@samhodgson did you have any luck with that or do you need any further help?
Hi Pyro,
Thanks for coming back to me on this - I've just got back into the office today and managed to get it working 🙂
Thanks for your help!
Sam