Scheduled report
Query
Index=a threat=critical vulnerability=high | table ip,a,b,c
Requirement
How to add the host name of the IP to this report, which is present in the logs situated in another index?
Hi pragi_eashwar,
you can follow two ways:
I suggest using a lookup because it is quicker.
You can manage hostnames in your lookup using a scheduled search, every night (or at a different frequency), e.g.:
your_search
| dedup host
| table host ip
| outputlookup hostnames.csv
Afterwards you can use it:
index=a threat=critical vulnerability=high
| lookup hostnames.csv ip OUTPUT host
| table ip host a b c
Bye.
Giuseppe