Splunk Search

Lookup table outputs not appearing in main window of search app

smileyge
Path Finder

When I do a search on events and lookup to a file, I get all the outputs on the left as fields and I can filter and see data on them, but the output fields do not appear in the event data itself int he main window or exports of that data. How do I get the Lookup table output fields to show there as well?

Tags (2)
0 Karma
1 Solution

smileyge
Path Finder

Interesting, one must use the As to define it as a local variable to use it in the main window, otherwise the field is only available in the filters on the left hand side. Maybe that's a bug.

So
| lookup user output UserGroup - does not work
| lookup user output UserGroup as UserGroup - works

View solution in original post

0 Karma

smileyge
Path Finder

Interesting, one must use the As to define it as a local variable to use it in the main window, otherwise the field is only available in the filters on the left hand side. Maybe that's a bug.

So
| lookup user output UserGroup - does not work
| lookup user output UserGroup as UserGroup - works

0 Karma
Get Updates on the Splunk Community!

Last Chance to Submit Your Paper For BSides Splunk - Deadline is August 12th!

Hello everyone! Don't wait to submit - The deadline is August 12th! We have truly missed the community so ...

Ready, Set, SOAR: How Utility Apps Can Up Level Your Playbooks!

 WATCH NOW Powering your capabilities has never been so easy with ready-made Splunk® SOAR Utility Apps. Parse ...

DevSecOps: Why You Should Care and How To Get Started

 WATCH NOW In this Tech Talk we will talk about what people mean by DevSecOps and deep dive into the different ...