Hello
I want to do an match between a CSV file and my SPLUNK search
In the CSV file, i want that the field "host" which correspond to a list of computers name match with my searches
It means that for every host i want to match the free disk space, the date of lastlogon and last reboot etc....
Could you help me please???
| join type=outer host [inputlookup append=t NZDL.csv] | (index="perfmon" sourcetype="perfmon:logicaldisk" instance=c: counter="Free Megabytes" OR counter="% Free Space")
OR (index="windows-wmi" sourcetype="WMI:LastLogon")
OR (index="windows-wmi" sourcetype="WMI:LastReboot" LastBootUpTime)
OR (index="windows-wmi" sourcetype="wmi:MemorySize")
OR (index=windows sourcetype=winregistry earliest=-120d
key_path="\\registry\\machine\\software\\wow6432node\\xx\\master\\ConfigurationCountry" OR
key_path="\\registry\\machine\\software\\wow6432node\\xx\\master\\WindowsVersion" OR
key_path="\\registry\\machine\\software\\microsoft\\windows nt\\currentversion\\ReleaseId" OR
key_path="\\registry\\machine\\software\\wow6432node\\airbus\\master\\PatchLevel")
OR (index="windows-wmi" sourcetype="WMI:PeriphIssue" Caption=Mobile ConfigManagerErrorCode)
↧