Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Splunk DB Connect: Why am I unable to perform a lookup to enhance my dbquery results?

dstaulcu
Builder
‎12-02-2015 07:07 PM

I'd like to be able to enhance DB Connect results with details in a lookup table file.

For some reason, the lookup is not working. I know the host field exists both in my dbquery results and my lookup table file. Here is the syntax I am using:

| dbquery "myconnection" "mysqlquery" 
| fields host interestingvalue 
| lookup hostdetails.csv host OUTPUT interestinghostdetail

Anyone have any ideas why this isn't working / wouldn't work?

Inputs appreciated!

0 Karma
Reply

ckurtz
Path Finder
‎12-03-2015 10:51 AM

Make sure that the lookup of hostdetails.csv is available inside the DBXv1 app context.

0 Karma
Reply

woodcock
Esteemed Legend
‎12-03-2015 10:46 AM

Try without fields.

0 Karma
Reply

javiergn
Super Champion
‎12-03-2015 05:40 AM

I would do it differently and using subsearches and inputlookup:

| inputlookup hostdetails
| search [| dbquery "myconnection" "mysqlquery" | table host interestingvalue]
Reply

javiergn
Super Champion
‎12-03-2015 05:43 AM

Keep in mind you could have the dbquery first and then filter based on your inputlookup

0 Karma
Reply
Get Updates on the Splunk Community!

Aligning Observability Costs with Business Value: Practical Strategies

 Join us for an engaging Tech Talk on Aligning Observability Costs with Business Value: Practical ...

Mastering Data Pipelines: Unlocking Value with Splunk

 In today's AI-driven world, organizations must balance the challenges of managing the explosion of data with ...

Splunk Up Your Game: Why It's Time to Embrace Python 3.9+ and OpenSSL 3.0

Did you know that for Splunk Enterprise 9.4, Python 3.9 is the default interpreter? This shift is not just a ...