Thanks for your response. In my case client_ip is not a multi-value field; instead it's one of the interesting fields when I execute the search. Like that, there are more interesting fields like dest_ip, server_ip, src_ip, etc.
If I execute the query below, I am getting an error.
index=pan_logs source="udp:51401" | lookup dnslookup clientip AS client_ip,destip as dest_ip OUTPUT clienthost as client_host , desthost as dest_host
Hope you understood my requirement.
Regards,
Neelu