Knowledge Management
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to append new row with few different values kv store?

sivaranjiniG
Path Finder
‎09-13-2023 01:38 PM

Here is my kv store lookup 

name rating comment experience  subject
A 3 good 4 math
B 4 very good 7 science

 

now i want to append new row like this with different rating

name rating comment experience  subject
A 3 good 4 math
B 4 very good 7 science
A 5 Excellent  4 math

 

i am trying to use 

 

 

| inputlookup table_a
      |search name="A" |eval rating=5 ,comment="Execellent" key=_key| outputlookup  append=true  key_field=key table_a

 

 

But this is not working..Please someone help me with this..

 

Thanks

Labels (1)
Labels
0 Karma
Reply

bowesmana
SplunkTrust
SplunkTrust
‎09-13-2023 04:47 PM

In what way is it not working?

You are setting key_field to the key from the original record - which is what you would do if you are trying to update an existing row in the table, but you actually want to append a new row. Remove the key_field=key, but keep the append=true

 

0 Karma
Reply

sivaranjiniG
Path Finder
‎09-13-2023 07:20 PM

I tried it too.its not working

should i enable anything or add any property while creating lookup file

0 Karma
Reply

bowesmana
SplunkTrust
SplunkTrust
‎09-13-2023 08:24 PM

Are you talking about lookup files or kv stores?

Can you describe what is not 'working' and give an example of what you see when you try the commands

 

0 Karma
Reply

sivaranjiniG
Path Finder
‎09-13-2023 09:37 PM

Its KV store..

when i try to add a row its updating the existing row

example, instead of this output i am getting

nameratingcommentexperience subject
A3good4math
B4very good7science
A5Excellent 4math

this,

nameratingcommentexperience subject
A5Excellent4math
B4very good7science

 

I tried these 2 solutions, I thought i dont have write access but i have i can update the  file but not able to add a new row

 

| inputlookup table_a
      |search name="A" |eval rating=5 ,comment="Execellent" key=_key| outputlookup  append=true  key_field=key table_a

-----------------------------

| inputlookup table_a
      |search name="A" |eval rating=5 ,comment="Execellent" | outputlookup  append=true table_a

 

 

0 Karma
Reply

bowesmana
SplunkTrust
SplunkTrust
‎09-14-2023 12:24 AM

You are not doing what I suggested in my first response 

Remove the key_field=_key

You are explicitly telling it to update the SAME row in KV store

0 Karma
Reply

sivaranjiniG
Path Finder
‎09-14-2023 05:36 AM

Please read the my previous response fully...I have tried in both ways

Anyways thanks for your response. I found a solution 

 

0 Karma
Reply
Get Updates on the Splunk Community!

Join Us for Splunk University and Get Your Bootcamp Game On!

If you know, you know! Splunk University is the vibe this summer so register today for bootcamps galore ...

.conf24 | Learning Tracks for Security, Observability, Platform, and Developers!

.conf24 is taking place at The Venetian in Las Vegas from June 11 - 14. Continue reading to learn about the ...

Announcing Scheduled Export GA for Dashboard Studio

We're excited to announce the general availability of Scheduled Export for Dashboard Studio. Starting in ...