Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How do lookups work in Splunk? Can you lookup a value and use the corresponding value to its left and vice versa?

HattrickNZ
Motivator
‎08-13-2015 07:49 PM

How do lookups work in Splunk?

I presume it works like this, lookupA is the value you are looking for and ValueToReplaceLookup is the value that is returned.

lookupA,ValueToReplaceLookup
A,America
B,Beijing
C,Columbia

But can it also work this way; looking up a value and the value is returned is to the left of it. E.g. lookupA is the value you are looking for and ValueToReplaceLookup is the value that is returned, but ValueToReplaceLookup will be on the left as opposed to the right?

ValueToReplaceLookup,lookupA,
America,A
Beijing,B
Columbia,C

Just wondering if I should be formatting my data accordingly before uploading it to Splunk for doing lookups.

Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

jeffland
SplunkTrust
SplunkTrust
‎08-13-2015 10:47 PM

Luckily, Splunk is not Excel. Lookups work per line, not from left to right, so the order of colums doesn't matter at all.

Did you know you can also lookup more than one value? And that you can write your own .csv file from splunk with one search and look stuff up there with another search? Lookup in Splunk is actually fun! 🙂

View solution in original post

Reply
Solved! Jump to solution
Solution

jeffland
SplunkTrust
SplunkTrust
‎08-13-2015 10:47 PM

Luckily, Splunk is not Excel. Lookups work per line, not from left to right, so the order of colums doesn't matter at all.

Did you know you can also lookup more than one value? And that you can write your own .csv file from splunk with one search and look stuff up there with another search? Lookup in Splunk is actually fun! 🙂

Reply
Solved! Jump to solution

HattrickNZ
Motivator
‎08-16-2015 02:09 PM

tks, good to know, now I just need to find examples where I can use that them other ways you mention of using lookups

0 Karma
Reply
Solved! Jump to solution

HattrickNZ
Motivator
‎08-16-2015 06:45 PM

this here might be an example of how I can apply lookups further mentioned above?

0 Karma
Reply
Solved! Jump to solution

pradeepkumarg
Influencer
‎08-13-2015 08:48 PM

You don't have to format it. Column position does not matter.

0 Karma
Reply
Get Updates on the Splunk Community!

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...

Introducing the 2024 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...