Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Can we use eventtypes defined in splunk in lookups?

ashwinipatil198
Explorer
‎01-21-2015 08:59 AM

Hi,

I have defined an eventtype in Splunk for a particular search. I defined a lookup which had this eventtype as a key value to retrieve data. Based on this eventtype, i was fetching error_type and error_message from the lookup file. But i was not able to fetch the same. Please suggest.

Tags (2)
0 Karma
Reply

martin_mueller
SplunkTrust
SplunkTrust
‎01-21-2015 09:34 PM

Should work. Say you have a lookup like this:

eventtype,error_type,error_message
foo,"some error","some message"

Then this search should yield results:

eventtype=foo | lookup eventtype_lookup eventtype OUTPUT error_type error_message | table _time eventtype error_type error_message
0 Karma
Reply

somesoni2
Revered Legend
‎01-21-2015 09:18 AM

Could you please provide more details on how you're using the eventtype in lookup? Possible a sample search that you wrote and didn't work?

0 Karma
Reply
Get Updates on the Splunk Community!

Observe and Secure All Apps with Splunk

  Join Us for Our Next Tech Talk: Observe and Secure All Apps with SplunkAs organizations continue to innovate ...

Splunk Decoded: Business Transactions vs Business IQ

It’s the morning of Black Friday, and your e-commerce site is handling 10x normal traffic. Orders are flowing, ...

Fastest way to demo Observability

I’ve been having a lot of fun learning about Kubernetes and Observability. I set myself an interesting ...