Solved: advanced lookup settings - multiple inputs

nandipatisunil · ‎11-01-2013

Does Splunk support looking up multiple inputs at the same time.
I have an advanced Query which has something line

Select ... from Table
where field1 = $input_1$ and field2 = $input2$

what is the search query syntax? trying something like
... | lookup lookup_name input_1, input2 output output_1

and getting an error
Error in 'lookup' command: Could not find all of the specified lookup fields in the lookup table.

somesoni2 · ‎11-02-2013

Try something like below:

...|lookup lookup_name input_1 as field1, input_2 as field2 OUTPUT yourcolumninlookuptooutput

Where input_1 and input_2 are fieldname in the lookupfile and field1 and field2 are your fields in events.

somesoni2 · ‎11-02-2013

Try something like below:

...|lookup lookup_name input_1 as field1, input_2 as field2 OUTPUT yourcolumninlookuptooutput

Where input_1 and input_2 are fieldname in the lookupfile and field1 and field2 are your fields in events.

nandipatisunil · ‎11-04-2013

Thanks soni.

advanced lookup settings - multiple inputs