Using a lookup to grab a host's subnet and then li...

pkeller · ‎11-02-2012

I have a lookup table that includes fields for hostname and subnet. I can easily view all hosts in a subnet by searching: |inputlookup subnet_map.csv | where subnet LIKE "111.111.111.111%" | table hostname,subnet ... I'd prefer to be able to grab the subnet field from a search like: |inputlookup subnet_map.csv | where host LIKE "my_host%" | table subnet ... and push it into the "where subnet LIKE "subnet" ... so that I grab a list of all hosts in the matching subnet but by using a single hostname.

In essence, what I need to do is take the output of one inputlookup request and pipe it to a second one.

I apologize if I'm wording this poorly.

Thank you.

pkeller · ‎11-26-2012

Ultimately was able to get this sorted out by using the following search syntax ...

gkanapathy · ‎11-04-2012

You should look at subsearches: http://docs.splunk.com/Documentation/Splunk/5.0/Search/Aboutsubsearches

Using a lookup to grab a host's subnet and then list out all other hosts in that subnet.

Announcing Scheduled Export GA for Dashboard Studio

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!