Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How do lookups work in Splunk? Can you lookup a value and use the corresponding value to its left and vice versa?

HattrickNZ
Motivator
‎08-13-2015 07:49 PM

How do lookups work in Splunk?

I presume it works like this, lookupA is the value you are looking for and ValueToReplaceLookup is the value that is returned.

lookupA,ValueToReplaceLookup
A,America
B,Beijing
C,Columbia

But can it also work this way; looking up a value and the value is returned is to the left of it. E.g. lookupA is the value you are looking for and ValueToReplaceLookup is the value that is returned, but ValueToReplaceLookup will be on the left as opposed to the right?

ValueToReplaceLookup,lookupA,
America,A
Beijing,B
Columbia,C

Just wondering if I should be formatting my data accordingly before uploading it to Splunk for doing lookups.

Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

jeffland
SplunkTrust
SplunkTrust
‎08-13-2015 10:47 PM

Luckily, Splunk is not Excel. Lookups work per line, not from left to right, so the order of colums doesn't matter at all.

Did you know you can also lookup more than one value? And that you can write your own .csv file from splunk with one search and look stuff up there with another search? Lookup in Splunk is actually fun! 🙂

View solution in original post

Reply
Solved! Jump to solution
Solution

jeffland
SplunkTrust
SplunkTrust
‎08-13-2015 10:47 PM

Luckily, Splunk is not Excel. Lookups work per line, not from left to right, so the order of colums doesn't matter at all.

Did you know you can also lookup more than one value? And that you can write your own .csv file from splunk with one search and look stuff up there with another search? Lookup in Splunk is actually fun! 🙂

Reply
Solved! Jump to solution

HattrickNZ
Motivator
‎08-16-2015 02:09 PM

tks, good to know, now I just need to find examples where I can use that them other ways you mention of using lookups

0 Karma
Reply
Solved! Jump to solution

HattrickNZ
Motivator
‎08-16-2015 06:45 PM

this here might be an example of how I can apply lookups further mentioned above?

0 Karma
Reply
Solved! Jump to solution

pradeepkumarg
Influencer
‎08-13-2015 08:48 PM

You don't have to format it. Column position does not matter.

0 Karma
Reply
Get Updates on the Splunk Community!

Extending Observability Content to Splunk Cloud

Watch Now!   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to leverage ...

More Control Over Your Monitoring Costs with Archived Metrics!

What if there was a way you could keep all the metrics data you need while saving on storage costs?This is now ...

New in Observability Cloud - Explicit Bucket Histograms

Splunk introduces native support for histograms as a metric data type within Observability Cloud with Explicit ...