Splunk Search
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Are transitive lookups supported?

hulahoop
Splunk Employee
Splunk Employee
‎01-15-2011 12:23 AM

I am looking to take the results of one lookup and use that as input to another lookup for the same data source. Is this possible? In testing with Splunk 4.1 I was not able to get it working, but perhaps I missed something in the config. Here's what I attempted:

[mydatasource]
LOOKUP-ac1 = AreaCodeToCityLookup areacode OUTPUT city
LOOKUP-ac2 = CityToCoordinatesLookup city OUTPUT latitude, longitude

Both lookups are simple CSV lookups.

Tags (1)
Reply
1 Solution
Solved! Jump to solution
Solution

araitz
Splunk Employee
Splunk Employee
‎01-15-2011 12:39 AM

I don't think this is possible because of the way that lookups are evaluated, but Dr. Z or Sorkin might know better.

In any case, I would recommend that the lookups be combined or that you invoke the second lookup in a search.

View solution in original post

Reply
Solved! Jump to solution
Solution

araitz
Splunk Employee
Splunk Employee
‎01-15-2011 12:39 AM

I don't think this is possible because of the way that lookups are evaluated, but Dr. Z or Sorkin might know better.

In any case, I would recommend that the lookups be combined or that you invoke the second lookup in a search.

Reply
Get Updates on the Splunk Community!

Splunk Observability Synthetic Monitoring - Resolved Incident on Detector Alerts

We’ve discovered a bug that affected the auto-clear of Synthetic Detectors in the Splunk Synthetic Monitoring ...

Video | Tom’s Smartness Journey Continues

Remember Splunk Community member Tom Kopchak? If you caught the first episode of our Smartness interview ...

3-2-1 Go! How Fast Can You Debug Microservices with Observability Cloud?

3-2-1 Go! How Fast Can You Debug Microservices with Observability Cloud? Learn how unique features like ...
Top