I'm trying to join information from a metadata search to a lookup file. It works using a subsearch such as this:
| metadata type=hosts index= | join type=left host [|inputlookup myfile.csv |rename fieldx as host]
My metadata host field may contain an IP or a name. My lookup file contains two fields - one with the IP and another with the hostname. Can I join the two files so that if the metadata host field is an IP it joins the lookup file based on the IP field and when the metadata host field contains a hostname it joins based on the hostname field?
I can do this by running two different searches - one join for IP and one join for hostname and combine the two results in a dashboard, but I was wondering if I could join the records based on either value of the host field in one search.
Any input is greatly appreciated!
↧