Solved: Re: Are transitive lookups supported?

hulahoop · ‎01-15-2011

I am looking to take the results of one lookup and use that as input to another lookup for the same data source. Is this possible? In testing with Splunk 4.1 I was not able to get it working, but perhaps I missed something in the config. Here's what I attempted:

[mydatasource]
LOOKUP-ac1 = AreaCodeToCityLookup areacode OUTPUT city
LOOKUP-ac2 = CityToCoordinatesLookup city OUTPUT latitude, longitude

Both lookups are simple CSV lookups.

araitz · ‎01-15-2011

I don't think this is possible because of the way that lookups are evaluated, but Dr. Z or Sorkin might know better.

In any case, I would recommend that the lookups be combined or that you invoke the second lookup in a search.

View solution in original post

araitz · ‎01-15-2011

I don't think this is possible because of the way that lookups are evaluated, but Dr. Z or Sorkin might know better.

In any case, I would recommend that the lookups be combined or that you invoke the second lookup in a search.

Are transitive lookups supported?

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Agent Mode Engaged! Enchaining Agentic Operations with Splunk AI Assistant 2.0

Announcing Modern Navigation: A New Era of Splunk User Experience

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

Join the Conversation