Splunk Search

Which command works better to see lookup fields in fields sidebar?

dannyzen
Explorer

In order to view lookup fields in the fields sidebar which command would be used to get faster results. I know to use inputlookup to verify data but as far as viewing fields in sidebar, which command would be used?

0 Karma
1 Solution

sbbadri
Motivator

@dannyzen

if you use this command | lookup yourcsv.csv field1 OUTPUTNEW field2 field3 .. It will show up outputed fields in the fields sidebar. If you want to see in interesting section , click on all fields link at the top field sidebar and check the required fields you want.

View solution in original post

0 Karma

sbbadri
Motivator

@dannyzen

if you use this command | lookup yourcsv.csv field1 OUTPUTNEW field2 field3 .. It will show up outputed fields in the fields sidebar. If you want to see in interesting section , click on all fields link at the top field sidebar and check the required fields you want.

0 Karma

dannyzen
Explorer

Thank you!

0 Karma
Get Updates on the Splunk Community!

See just what you’ve been missing | Observability tracks at Splunk University

Looking to sharpen your observability skills so you can better understand how to collect and analyze data from ...

Weezer at .conf25? Say it ain’t so!

Hello Splunkers, The countdown to .conf25 is on-and we've just turned up the volume! We're thrilled to ...

How SC4S Makes Suricata Logs Ingestion Simple

Network security monitoring has become increasingly critical for organizations of all sizes. Splunk has ...