Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

I have two tables "order.csv" and "delivery.csv". How can I use lookup command to check the delivery status based on the product?

Madhan45
Path Finder
‎07-15-2015 11:28 PM
  1. delivery.csv contains the fields- key,name,product,price
  2. order.csv contains the fields- key,shipdate,location,delivery_status,price
Tags (2)
0 Karma
Reply

woodcock
Esteemed Legend
‎07-16-2015 06:04 AM

You can begin a search with a pipe command, but only if that command creates events, which inputlookup does. So a search like this should work:

  | inputlookup delivery.csv | lookup order.csv key OUTPUT delivery_status | where delivery_status="failed"
0 Karma
Reply

HeinzWaescher
Motivator
‎07-15-2015 11:31 PM

Do you want to have it like this?

 | inputlookup delivery.csv
 | lookup order.csv key OUTPUT delivery_status
0 Karma
Reply

Madhan45
Path Finder
‎07-16-2015 01:14 AM

I want to find out the "name" where delivery_status is "failed".

Before this command do i need to add index=*?

can u give me a exact command?

0 Karma
Reply
Get Updates on the Splunk Community!

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

The Transformative Power of AI and ML in Enhancing Observability   In the realm of IT operations, the ...

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...