https://community.splunk.com/t5/Splunk-Search/Why-are-two-of-my-columns-empty-in-a-table-returned-by-a-lookup/m-p/455714#M128854 <P>Thanks it's ok</P> Mon, 17 Sep 2018 08:44:04 GMT faribole 2018-09-17T08:44:04Z https://community.splunk.com/t5/Splunk-Search/Why-are-two-of-my-columns-empty-in-a-table-returned-by-a-lookup/m-p/455712#M128852 <P>I used a lookup file which is configuring like this </P> <PRE><CODE>field1, field2, field3, field4 value1, value2, value3, value4 value10, value2, value3, value4 value11, value2, value3, value4 </CODE></PRE> <P>I would like to obtain the results in a table where i count the quantity of the first field.</P> <PRE><CODE>field2 field3 field4 field1 value2 value3 value4 3 </CODE></PRE> <P>I tried this search:</P> <PRE><CODE>my search | lookup mylookup field1 output field2, field3, field4 | chart count by field2 | table field2 field3 field4 nb </CODE></PRE> <P>but columns field3 and field 4 are empty<BR /> where is my mistake ?</P> Thu, 13 Sep 2018 13:17:39 GMT https://community.splunk.com/t5/Splunk-Search/Why-are-two-of-my-columns-empty-in-a-table-returned-by-a-lookup/m-p/455712#M128852 faribole 2018-09-13T13:17:39Z https://community.splunk.com/t5/Splunk-Search/Why-are-two-of-my-columns-empty-in-a-table-returned-by-a-lookup/m-p/455713#M128853 <P>Give this a try</P> <PRE><CODE>my search | lookup mylookup field1 output field2, field3, field4 | stats count by field2 field3 field4 </CODE></PRE> Thu, 13 Sep 2018 16:19:32 GMT https://community.splunk.com/t5/Splunk-Search/Why-are-two-of-my-columns-empty-in-a-table-returned-by-a-lookup/m-p/455713#M128853 somesoni2 2018-09-13T16:19:32Z https://community.splunk.com/t5/Splunk-Search/Why-are-two-of-my-columns-empty-in-a-table-returned-by-a-lookup/m-p/455714#M128854 <P>Thanks it's ok</P> Mon, 17 Sep 2018 08:44:04 GMT https://community.splunk.com/t5/Splunk-Search/Why-are-two-of-my-columns-empty-in-a-table-returned-by-a-lookup/m-p/455714#M128854 faribole 2018-09-17T08:44:04Z