Hi,
I have a query that uses this search to look for hosts that we need to validate:
|tstats count WHERE index=* AND [ |inputlookup testSVB2.csv |fields + host] groupby host, index, sourcetype
I'd like to expand this, so that it uses additional columns against the host field. I'd have an IP column, and a fully qualified domain name (FQDN) column in the lookup, and then search, comparing those to the hosts field.
I'm guessing that an "OR" statement is the best option, but I don't see any way to do that in this scenario. Does anyone have a suggestion?
↧