Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

can i use the or condition in lookups ??

rakesh_498115
Motivator
‎10-22-2012 03:02 AM

Hi..

My Keyword , value
ABC A
ABC B
ABC C
XYZ D

These are the values that i have in lookup table..for the values "A","B",and "C" i have to replace with keyword "ABC" ..Now suppose value "A" has 10 occurences , "B" has 5 occurences and "C" has 2 occurences..

When i use the top command with the Mykeyword .it has to show the following stats for me..
say ..

ABC 17 (here 17 is the summation of 10 ,5 and 2 )
XYZ (some value)

how can i do this ??? Is it possible to give a OR condition in lookup table ??

Please help ..

Tags (1)
0 Karma
Reply

lguinn2
Legend
‎10-22-2012 02:00 PM

Why not do 

... | top myKeyword by value

instead of 

.... | top myKeyword

Also, it would be helpful if you showed your exact searches, and possibly a sample of some "real" data. This is a bit abstract and difficult to follow. So my answer is just a guess.

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

It’s Monday morning, and your phone is buzzing with alert escalations – your customer-facing portal is running ...

What’s New in Splunk Observability – September 2025

What's NewWe are excited to announce the latest enhancements to Splunk Observability, designed to help ITOps ...

Fun with Regular Expression - multiples of nine

Fun with Regular Expression - multiples of nineThis challenge was first posted on Slack #regex channel ...