Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to get the latest entry from a lookup table?

mcram52
New Member
‎06-19-2019 02:25 PM

I'm creating a chart which includes the use of a lookup table file, but I only want it to pull up the latest entry for a field. How would I do this? So far I just have this:

| lookup Packaging_User_Targets.csv Username as username OUTPUT Daily_Individual_Goal as Target
| fields username Completed Target

Right now this is pulling up all the 'Target' results for that user, including previous days, but I only want it to include the results from that day. Sorry if this is a repeat, I'm new and having a hard time trying to use answers from different situations.

Tags (4)
0 Karma
Reply

woodcock
Esteemed Legend
‎06-20-2019 04:00 PM

The easiest way is to create a time-based lookup definition against your existing lookup file:

https://docs.splunk.com/Documentation/Splunk/latest/Knowledge/Defineatime-basedlookupinSplunkWeb

0 Karma
Reply
Get Updates on the Splunk Community!

The Great Resilience Quest: 5th Leaderboard Update

The fifth leaderboard update for The Great Resilience Quest is out >> 🏆 Check out the ...

Devesh Logendran, Splunk, and the Singapore Cyber Conquest

At this year’s Splunk University, I had the privilege of chatting with Devesh Logendran, one of the winners in ...

There's No Place Like Chrome and the Splunk Platform

WATCH NOW!Malware. Risky Extensions. Data Exfiltration. End-users are increasingly reliant on browsers to ...