Splunk Search

New to field lookup help me !

Path Finder

Hi Splunk professionals, I am new to field lookup and read the documentation about it. But I am still not sure how can I implement it with my data.

I have the weather data of many locations and example of my data is displayed below. How can I use a field lookup to check if summary is cloudy, fishing is Good, else if summary is Rain, fishing is Poor. How can I start with field lookup ? Any advises ?

Area: Woodlands
Summary: Rain
Latitude: 1.44043052
Longitude: 103.7878418

I would like to do something like this.

1 Solution

Legend

If that's the only thing you'd want to do I'd go with eval and case instead. That said, this is core lookup functionality - lookup one value, output another - so I'm not sure what the docs aren't explaining.

View solution in original post

Communicator

I was having a hard time getting it to work, then eventaully I realized that I had a few commas in some of my fields that I was looking up. Once I got rid of those and made sure my table was good it worked well.

0 Karma

Legend

If that's the only thing you'd want to do I'd go with eval and case instead. That said, this is core lookup functionality - lookup one value, output another - so I'm not sure what the docs aren't explaining.

View solution in original post

Path Finder

Thanks ! I am not very sure about case (will study it tmr), but can it do like what the picture in the updated question ? Will look at it tmr morning, need to get to bed.

0 Karma
State of Splunk Careers

Access the Splunk Careers Report to see real data that shows how Splunk mastery increases your value and job satisfaction.

Find out what your skills are worth!