This I know is a stupid question, but here it goes anyways, hoping someone solved this problem in the past. Does anyone know how to undo the changes to a lookup when accidentally using | outputlookup...
Hi, I use a scheduled search in order to generate a csv lookup:
| inputlookup fo_all where TYPE="PC"
| rename HOSTNAME as host
| table host
| outputlookup industrial_host.csv
As you can see, I i...
Good afternoon All,
I am having a hard time trying to understand the difference between "lookup", "inputlookup", and "outputlookup". I am also trying to get a basic real world example of why o...
How can I get outputlookup or outputcsv to only include certain fields in the resulting lookup file?
An example explains it better:
SEARCH | DEDUP FieldName1 | FIELDS FieldName1, F...
I have three text input boxes in my dashboard. I want to add (/append) those values to a kvstore collection on clicking the submit button. I am trying to use outputlookup, but have not had any l...
Hello
I use the code below.
I'm doing an outputlookup at the end of the query, but I want to do it with a condition.
The condition is that Build=1511.
Do I have to use a where command o...
...")), "%m/%d/%Y %H:%M:%S")
| eval _time = n ]
| outputlookup append=true test.csv
Results are as follows in the statistics view of the same search page:
date_first d...