Hi,
I spent a lot of hours to find the request I need with no success so I ask your help.
My goal is to build a request with multiple fields condition values extract from a CSV.
I have a CSV file with the below construction
| inputlookup nios_member_ip_lookup | fields MEMBER_IP
MEMBER_IP
192.168.1.xx1
192.168.3.xx2
192.168.1.xx5
192.168.1.xx7
192.168.1.xx0
192.168.xx.x0
192.168.x.xx5
192.168.x.xx0
192.168.x.xx0
192.168.x.xx3
Based on this result, I would have all results from each defined value for a field like:
index=ib_dns_summary report=si_dns_top_clients CLIENT=@IP1 OR CLIENT=@IP2 OR CLIENT=@IP3 ...
So I think I need to build a subsearch request, but I failed to do that. I tried this:
index=ib_dns_summary report=si_dns_top_clients CLIENT="$member_ip" [| inputlookup nios_member_ip_lookup | fields MEMBER_IP | rename MEMBER_IP as member_ip]
Thanks a lot for your help.
index=ib_dns_summary report=si_dns_top_clients [| inputlookup nios_member_ip_lookup | fields MEMBER_IP | rename MEMBER_IP as CLIENT | table CLIENT | format]
index=ib_dns_summary report=si_dns_top_clients [| inputlookup nios_member_ip_lookup | fields MEMBER_IP | rename MEMBER_IP as CLIENT | table CLIENT | format]
Works fine, thanks a lot for your help 🙂