nandipatisunil
Path Finder
11-01-2013
05:15 PM
Does Splunk support looking up multiple inputs at the same time?
I have an advanced query which has something like
Select ... from Table
where field1 = $input_1$ and field2 = $input2$
What is the search query syntax? Trying something like
... | lookup lookup_name input_1, input2 output output_1
and getting an error
Error in 'lookup' command: Could not find all of the specified lookup fields in the lookup table.
1 Solution
somesoni2
Revered Legend
11-02-2013
12:55 AM
Try something like below:
...|lookup lookup_name input_1 as field1, input_2 as field2 OUTPUT yourcolumninlookuptooutput
Where input_1 and input_2 are field names in the lookup file and field1 and field2 are your fields in events.
nandipatisunil
Path Finder
11-04-2013
09:36 AM
Thanks soni.
