Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

New field added to lookup table not displaying

johnboldt
Explorer
‎04-28-2011 10:24 AM

I'm adding a new field to an existing lookup table but it's not showing up in any searches. These are the steps I followed:

  • Added the new field to the existing lookup .csv file
  • Added the new column to the application props.conf LOOKUP
  • Restarted splunkd

The existing lookup fields are still showing up in searches, but not the new field. Am I missing a step?

csv (Dependent_Service_Call_Group is the new field)

ElapsedMetricDescription,Dependent_Service_Call,Dependent_Service_Call_Group,Target_Response_Time_At_90th,Planned_Throughput
CDB Call [CPSDRVRA] Response time:,CDB Call,Checkout,500,12000  
Standardize Address Request. Response time:,Standardize Address,Checkout,500,5000

Transforms.conf:

[Dependent_Service_Metrics_NFR_Targets]
filename = Dependent_Service_Metrics_NFR_Targets.csv

props.conf:

LOOKUP-Dependent_Service_Metrics_NFR_Targets = Dependent_Service_Metrics_NFR_Targets ElapsedMetricDescription AS ElapsedMetricDescription OUTPUTNEW Dependent_Service_Call AS Dependent_Service_Call Dependent_Service_Call_Group AS Dependent_Service_Call_Group Planned_Throughput AS Planned_Throughput Target_Response_Time_At_90th AS Target_Response_Time_At_90th
Tags (3)
0 Karma
Reply

hazekamp
Builder
‎04-28-2011 10:32 AM

John,

There could be a number of reasons for this, including OUTPUT vs. OUTPUTNEW. Can you post a few lines of your csv, your props, and an example event?

David

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Enterprise Security(ES) 7.3 is approaching the end of support. Get ready for ...

Hi friends!    At Splunk, your product success is our top priority. With Enterprise Security (ES), we're here ...

Splunk Enterprise Security 8.x: The Essential Upgrade for Threat Detection, ...

Watch On Demand the Tech Talk, and empower your SOC to reach new heights! Duration: 1 hour  Prepare to ...

Splunk Observability for AI

Don’t miss out on an exciting Tech Talk on Splunk Observability for AI!Discover how Splunk’s agentic AI ...