- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
adamsmith47
Communicator
04-18-2018
10:16 AM
I feel like I'm having a brain dead moment. I've been scratching my head over this one...
Essentially, I want to perform a lookup command using the current events in my results. I realize I could generate a lookup table first, then perform my search using that lookup table, but that would complicate several aspects of a process I'm building which I would like to avoid.
Example:
<... my_search>
| table employeeID employeeName managerID
with results...
employeeID employeeName managerID
000001 Doe, John 000002
000002 Doe, Jane 000003
000003 Bossman, Mr. -
I would like to create another field managerName, which looks at the current results of <... my_search>, finds where an employeeID matches a managerID, and reads employeeName as managerName. So I could get:
<... my_search>
| table employeeID employeeName managerID managerName
with results like...
employeeID employeeName managerID managerName
000001 Doe, John 000002 Doe, Jane
000002 Doe, Jane 000003 Bossman, Mr.
000003 Bossman, Mr. - -
Any help is greatly appreciated!
Thanks.
1 Solution
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
elliotproebstel
Champion
04-18-2018
10:32 AM
I think this should work for you:
your current search
| join type=outer managerID
[ your current search
| fields employeeID employeeName
| rename employeeName AS managerName
| rename employeeID AS managerID ]
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
elliotproebstel
Champion
04-18-2018
10:32 AM
I think this should work for you:
your current search
| join type=outer managerID
[ your current search
| fields employeeID employeeName
| rename employeeName AS managerName
| rename employeeID AS managerID ]
