Solved: Re: New to field lookup help me !

sbnoobbb · ‎07-17-2013

Hi Splunk professionals, I am new to field lookup and read the documentation about it. But I am still not sure how can I implement it with my data.

I have the weather data of many locations and example of my data is displayed below. How can I use a field lookup to check if summary is cloudy, fishing is Good, else if summary is Rain, fishing is Poor. How can I start with field lookup ? Any advises ?

Area: Woodlands
Summary: Rain
Latitude: 1.44043052
Longitude: 103.7878418

I would like to do something like this.

Ayn · ‎07-17-2013

If that's the only thing you'd want to do I'd go with eval and case instead. That said, this is core lookup functionality - lookup one value, output another - so I'm not sure what the docs aren't explaining.

View solution in original post

AlexMcDuffMille · ‎11-18-2013

I was having a hard time getting it to work, then eventaully I realized that I had a few commas in some of my fields that I was looking up. Once I got rid of those and made sure my table was good it worked well.

Ayn · ‎07-17-2013

If that's the only thing you'd want to do I'd go with eval and case instead. That said, this is core lookup functionality - lookup one value, output another - so I'm not sure what the docs aren't explaining.

sbnoobbb · ‎07-17-2013

Thanks ! I am not very sure about case (will study it tmr), but can it do like what the picture in the updated question ? Will look at it tmr morning, need to get to bed.

New to field lookup help me !

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics!

New in Observability Cloud - Explicit Bucket Histograms