Alerting
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Hi Team, what is the search query to remove the first two rows from lookup table

aaa2324
Explorer
‎10-28-2020 11:01 PM

Tried inputlookup=abc | search NOT “row value” ,, but still getting the rows 

I want to remove the entire two rows (first and second ) ; please help

Labels (1)
Labels
0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎10-29-2020 12:11 AM

Hi @aaa2324,

let me understand: do you want to have ad search results all the lookup rows but not the first two rows or to delete the first two rows of a lookup?

in first case, you could run something like this:

| inputlookup abc.csv start=2
| table *

in the second case, you have to add the outputlookup command at the end of the search, something like this:

| inputlookup abc.csv start=2
| table *
| outputlookup abc.csv

You can find more infos at https://docs.splunk.com/Documentation/Splunk/8.1.0/SearchReference/Inputlookup

Ciao.

Giuseppe

0 Karma
Reply
Get Updates on the Splunk Community!

Announcing Scheduled Export GA for Dashboard Studio

We're excited to announce the general availability of Scheduled Export for Dashboard Studio. Starting in ...

Extending Observability Content to Splunk Cloud

Watch Now!   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to leverage ...

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!

What if there was a way you could keep all the metrics data you need while saving on storage costs?This is now ...