Knowledge Management
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to append new row with few different values kv store?

sivaranjiniG
Path Finder
‎09-13-2023 01:38 PM

Here is my kv store lookup 

name rating comment experience  subject
A 3 good 4 math
B 4 very good 7 science

 

now i want to append new row like this with different rating

name rating comment experience  subject
A 3 good 4 math
B 4 very good 7 science
A 5 Excellent  4 math

 

i am trying to use 

 

 

| inputlookup table_a
      |search name="A" |eval rating=5 ,comment="Execellent" key=_key| outputlookup  append=true  key_field=key table_a

 

 

But this is not working..Please someone help me with this..

 

Thanks

Labels (1)
Labels
0 Karma
Reply

bowesmana
SplunkTrust
SplunkTrust
‎09-13-2023 04:47 PM

In what way is it not working?

You are setting key_field to the key from the original record - which is what you would do if you are trying to update an existing row in the table, but you actually want to append a new row. Remove the key_field=key, but keep the append=true

 

0 Karma
Reply

sivaranjiniG
Path Finder
‎09-13-2023 07:20 PM

I tried it too.its not working

should i enable anything or add any property while creating lookup file

0 Karma
Reply

bowesmana
SplunkTrust
SplunkTrust
‎09-13-2023 08:24 PM

Are you talking about lookup files or kv stores?

Can you describe what is not 'working' and give an example of what you see when you try the commands

 

0 Karma
Reply

sivaranjiniG
Path Finder
‎09-13-2023 09:37 PM

Its KV store..

when i try to add a row its updating the existing row

example, instead of this output i am getting

nameratingcommentexperience subject
A3good4math
B4very good7science
A5Excellent 4math

this,

nameratingcommentexperience subject
A5Excellent4math
B4very good7science

 

I tried these 2 solutions, I thought i dont have write access but i have i can update the  file but not able to add a new row

 

| inputlookup table_a
      |search name="A" |eval rating=5 ,comment="Execellent" key=_key| outputlookup  append=true  key_field=key table_a

-----------------------------

| inputlookup table_a
      |search name="A" |eval rating=5 ,comment="Execellent" | outputlookup  append=true table_a

 

 

0 Karma
Reply

bowesmana
SplunkTrust
SplunkTrust
‎09-14-2023 12:24 AM

You are not doing what I suggested in my first response 

Remove the key_field=_key

You are explicitly telling it to update the SAME row in KV store

0 Karma
Reply

sivaranjiniG
Path Finder
‎09-14-2023 05:36 AM

Please read the my previous response fully...I have tried in both ways

Anyways thanks for your response. I found a solution 

 

0 Karma
Reply
Get Updates on the Splunk Community!

Join Us at the Builder Bar at .conf24 – Empowering Innovation and Collaboration

What is the Builder Bar? The Builder Bar is more than just a place; it's a hub of creativity, collaboration, ...

Combine Multiline Logs into a Single Event with SOCK - a Guide for Advanced Users

This article is the continuation of the “Combine multiline logs into a single event with SOCK - a step-by-step ...

Everything Community at .conf24!

You may have seen mention of the .conf Community Zone 'round these parts and found yourself wondering what ...