I need to produce an extract to use as a data source for a third party application. The application needs the data in CSV format and requires data from two sourcetypes. I can search for one sourcetype and then append the second search, but the tabled output is uneven. Here is an example - I need the two data sets to be merged.
index=os host=xxxxxxx sourcetype=puppet_facts | dedup host | append [search index=os host=xxxxxxx sourcetype=package | multikv | dedup VENDOR,NAME,VERSION ] | table host,Domain,server,manufacturer,User,operatingsystem,VENDOR,NAME,VERSION
Needed output format - host,Domain,server,manufacturer,User,operatingsystem,VENDOR,NAME,VERSION - (I am ignoring the Domain and User fields right now)
results
host01 Cisco Systems Inc RedHat
host01 Red Hat, Inc. redhat-lsb 4.0
host01 Red Hat, Inc. infinipath-psm 3.0.1
How do I combine the output for row 1 and 2 for every result to look like this?
host01 Cisco Systems Inc RedHat Red Hat, Inc. redhat-lsb 4.0
host01 Cisco Systems Inc RedHat Red Hat, Inc. infinipath-psm 3.0.1
Also - is it possible to hardcode certain values? For example
host,Domain,server,manufacturer,User,operatingsystem,VENDOR,NAME,VERSION
so the output would be
host01 Domain server Cisco Systems Inc User RedHat Red Hat, Inc. redhat-lsb 4.0
Thanks for any feedback!