Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Lookup and setting default values using a variable if an entry is not found in the lookup table

sandmountain
Explorer
‎09-28-2023 06:56 AM

I have the following Query:

index=obh_prod sourcetype=obh:edge:api proxy!="ow*" |
lookup blink_six_providers ProviderId as pxrq_h_x-corapi-target-id
OUTPUT ProviderId ProviderName | fillnull value=target_id ProviderId ProviderName | dedup ProviderName ProviderId | table ProviderId ProviderName

If no values are found ProviderId, ProviderName should both get the value of pxrq_h_x-corapi-target-id.

If actually now produces:

ProviderId ProviderName

pxrq_h_x-corapi-target-idpxrq_h_x-corapi-target-idIIDP06300Valiant Bank AGIIDP00761Aargauische Kantonalbank

 

 

 

If should produce the following if the xrq_h_x-corapi-target-id e.g. contains IIDP099999 and this value is not found in the lookup. How do I get the contents of the variable and  not the name of the variable itself?

 

ProviderId ProviderName
IIDP099999IIDP099999
IIDP06300Valiant Bank AGIIDP00761Aargauische Kantonalbank

 

Labels (3)
Labels
0 Karma
Reply

sandmountain
Explorer
‎09-28-2023 06:59 AM

If should produce the following if the xrq_h_x-corapi-target-id e.g. contains IIDP099999 and this value is not found in the lookup. How do I get the contents of the variable and  not the name of the variable itself?

 

ProviderId ProviderName

IIDP099999IIDP099999
IIDP06300My Bank AG
0 Karma
Reply
Get Updates on the Splunk Community!

Aligning Observability Costs with Business Value: Practical Strategies

 Join us for an engaging Tech Talk on Aligning Observability Costs with Business Value: Practical ...

Mastering Data Pipelines: Unlocking Value with Splunk

 In today's AI-driven world, organizations must balance the challenges of managing the explosion of data with ...

Splunk Up Your Game: Why It's Time to Embrace Python 3.9+ and OpenSSL 3.0

Did you know that for Splunk Enterprise 9.4, Python 3.9 is the default interpreter? This shift is not just a ...