I have a list of hosts on a lookup around 40 hosts. For the list of hosts I want to check the list of sourcetypes like below
search 1 :-
host="host1" | stats count by sourcetype
search 2 :-
host="host2" | stats count by sourcetype
and so on upto search 40 which contains the host 40 which is a long process and time consuming one. Instead is there any way to use all the hosts from the lookup tables in a query and display the available sourcetypes for each host?
The lookup file name is ABCD.csv
Also I dont want the stats count I just want the list of sourcetypes for each host like below
host sourcetypes
host1 sourcetype_1
host2 sourcetype2a
sourcetype2b
and so on.
↧