How to append new row with few different values kv...

sivaranjiniG · ‎09-13-2023

Here is my kv store lookup

name	rating	comment	experience	subject
A	3	good	4	math
B	4	very good	7	science

now i want to append new row like this with different rating

name	rating	comment	experience	subject
A	3	good	4	math
B	4	very good	7	science
A	5	Excellent	4	math

i am trying to use

| inputlookup table_a
      |search name="A" |eval rating=5 ,comment="Execellent" key=_key| outputlookup  append=true  key_field=key table_a

But this is not working..Please someone help me with this..

Thanks

bowesmana · ‎09-13-2023

In what way is it not working?

You are setting key_field to the key from the original record - which is what you would do if you are trying to update an existing row in the table, but you actually want to append a new row. Remove the key_field=key, but keep the append=true

sivaranjiniG · ‎09-13-2023

I tried it too.its not working

should i enable anything or add any property while creating lookup file

bowesmana · ‎09-13-2023

Are you talking about lookup files or kv stores?

Can you describe what is not 'working' and give an example of what you see when you try the commands

sivaranjiniG · ‎09-13-2023

Its KV store..

when i try to add a row its updating the existing row

example, instead of this output i am getting

name	rating	comment	experience	subject
A	3	good	4	math
B	4	very good	7	science
A	5	Excellent	4	math

this,

name	rating	comment	experience	subject
A	5	Excellent	4	math
B	4	very good	7	science

I tried these 2 solutions, I thought i dont have write access but i have i can update the file but not able to add a new row

| inputlookup table_a
      |search name="A" |eval rating=5 ,comment="Execellent" key=_key| outputlookup  append=true  key_field=key table_a

-----------------------------

| inputlookup table_a
      |search name="A" |eval rating=5 ,comment="Execellent" | outputlookup  append=true table_a

bowesmana · ‎09-14-2023

You are not doing what I suggested in my first response

Remove the key_field=_key

You are explicitly telling it to update the SAME row in KV store

sivaranjiniG · ‎09-14-2023

Please read the my previous response fully...I have tried in both ways

Anyways thanks for your response. I found a solution

cadrija · ‎10-24-2024

@sivaranjiniG Please let us know the solution as we are facing the same task.

DanielPi · ‎10-24-2024

Hi @cadrija,

I’m a Community Moderator in the Splunk Community.

This question was posted 1 year ago, so it might not get the attention you need for your question to be answered. We recommend that you post a new question so that your issue can get the visibility it deserves. To increase your chances of getting help from the community, follow these guidelines in the Splunk Answers User Manual when creating your post.

Thank you!

How to append new row with few different values kv store?

kvstore

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

Splunk Community Badges!

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

Join the Conversation