Solved: Re: Are transitive lookups supported?

hulahoop · ‎01-15-2011

I am looking to take the results of one lookup and use that as input to another lookup for the same data source. Is this possible? In testing with Splunk 4.1 I was not able to get it working, but perhaps I missed something in the config. Here's what I attempted:

[mydatasource]
LOOKUP-ac1 = AreaCodeToCityLookup areacode OUTPUT city
LOOKUP-ac2 = CityToCoordinatesLookup city OUTPUT latitude, longitude

Both lookups are simple CSV lookups.

araitz · ‎01-15-2011

I don't think this is possible because of the way that lookups are evaluated, but Dr. Z or Sorkin might know better.

In any case, I would recommend that the lookups be combined or that you invoke the second lookup in a search.

View solution in original post

araitz · ‎01-15-2011

I don't think this is possible because of the way that lookups are evaluated, but Dr. Z or Sorkin might know better.

In any case, I would recommend that the lookups be combined or that you invoke the second lookup in a search.

Are transitive lookups supported?

Index This | Why did the turkey cross the road?

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

Feel the Splunk Love: Real Stories from Real Customers

Are you a member of the Splunk Community?

Are transitive lookups supported?

Index This | Why did the turkey cross the road?

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

Feel the Splunk Love: Real Stories from Real Customers