Hi
I have a lookup table containg the host name and a software version
hostlookup.csv
hostname,version
hostA,2
hostB,2
hostC,3
Each host is sending the current installed software version each 5 min to splunk.
How can I create a table like this. I Iike to compare if a host has installed the right software version.
hostname, installed_version, expected_version, result
hostA, 2, 2, OK
hostB, 3, 2, WRONG
hostC, 2, 3, WRONG
Try this!
(your search)
|rename version as installed_version
|lookup hostname hostlookup.csv output version as expected_version]
|eval result=if(installed_version=expected_version,"OK","WRONG")
|table hostname, installed_version, expected_version, result
weird ... I see ] without a [
It is a typo.
as expected_version]
↓
as expected_version