https://community.splunk.com/t5/Splunk-Search/lookup-query/m-p/464603#M191612 <P>Greetings!!</P> <P>I have created a new lookup table xyz.csv that contain host and hostname(as description) and the name of lookup is xyz_lookup</P> <P>when i search |inputlookup xyz_lookup I got the table with host and hostname,</P> <P>BUT my question is: <BR /> what query can I use to combine the other command with this lookup,</P> <P>when I search for index= xx sourcetype=ttt |top host -this gives me host,count,percent BUT i want also to use that it gives me also hostname , not only host ...</P> <P>Help me on how I could combine my lookup with other query? Thank you in advance</P> <P>regards<BR /> paci N</P> Wed, 11 Dec 2019 10:18:16 GMT pacifikn 2019-12-11T10:18:16Z https://community.splunk.com/t5/Splunk-Search/lookup-query/m-p/464603#M191612 <P>Greetings!!</P> <P>I have created a new lookup table xyz.csv that contain host and hostname(as description) and the name of lookup is xyz_lookup</P> <P>when i search |inputlookup xyz_lookup I got the table with host and hostname,</P> <P>BUT my question is: <BR /> what query can I use to combine the other command with this lookup,</P> <P>when I search for index= xx sourcetype=ttt |top host -this gives me host,count,percent BUT i want also to use that it gives me also hostname , not only host ...</P> <P>Help me on how I could combine my lookup with other query? Thank you in advance</P> <P>regards<BR /> paci N</P> Wed, 11 Dec 2019 10:18:16 GMT https://community.splunk.com/t5/Splunk-Search/lookup-query/m-p/464603#M191612 pacifikn 2019-12-11T10:18:16Z https://community.splunk.com/t5/Splunk-Search/lookup-query/m-p/464604#M191613 <P>Hello!</P> <P>You can try to output your inputlookup results (since inputlookup should be the first item in your search) with the MAP command to combine results.</P> <P>You can find more info about this in the following posts:</P> <P><A href="https://docs.splunk.com/Documentation/SplunkCloud/8.0.0/SearchReference/Map">https://docs.splunk.com/Documentation/SplunkCloud/8.0.0/SearchReference/Map</A><BR /> <A href="https://answers.splunk.com/answers/743935/problem-with-map-command-using-search-from-lookup.html">https://answers.splunk.com/answers/743935/problem-with-map-command-using-search-from-lookup.html</A></P> Wed, 11 Dec 2019 10:36:56 GMT https://community.splunk.com/t5/Splunk-Search/lookup-query/m-p/464604#M191613 raduurjan 2019-12-11T10:36:56Z https://community.splunk.com/t5/Splunk-Search/lookup-query/m-p/464605#M191614 <PRE><CODE>index= xx sourcetype=ttt |top host |lookup xyz_lookup </CODE></PRE> <P>Hi, @pacifikn<BR /> how is it?</P> Wed, 11 Dec 2019 11:48:53 GMT https://community.splunk.com/t5/Splunk-Search/lookup-query/m-p/464605#M191614 to4kawa 2019-12-11T11:48:53Z https://community.splunk.com/t5/Splunk-Search/lookup-query/m-p/464606#M191615 <P>Thank you All for your quick response,</P> <P>I didn't tell soon , I have tried to use OUTPUTNEW and it is working correctly,</P> <P>index=xxx sourrcetype=tttt action=T |top host |lookup name_lookup host OUTPUTNEW hostname</P> <P>I used the above command and it was working correctly.</P> <P>Thank you again for the other way you mentioned above it is also working good! thank you all</P> Thu, 12 Dec 2019 06:27:00 GMT https://community.splunk.com/t5/Splunk-Search/lookup-query/m-p/464606#M191615 pacifikn 2019-12-12T06:27:00Z https://community.splunk.com/t5/Splunk-Search/lookup-query/m-p/464607#M191616 <P>Dear to4kawa , </P> <P>now it is working good , but when I saw the command you wrote, it looks the same with the one I used but I added the name of the firstColumn OUTPUTNEW secondColumn(description of the first column)</P> <P>like this:<BR /> index= xx sourcetype=ttt <BR /> |top host<BR /> |lookup xyz_lookup host OUTPUTNEW hostname(Desc)</P> Thu, 12 Dec 2019 06:47:42 GMT https://community.splunk.com/t5/Splunk-Search/lookup-query/m-p/464607#M191616 pacifikn 2019-12-12T06:47:42Z