Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

how to add a new column to the existing lookup using lookup editor

mchoudhary
Explorer
3 weeks ago

Hi,
Can someone help me understand how to add a new column to an exisiting lookup (its a kvstore lookup) using the lookup editor app.
I can see option to add a new row but for adding a column it says on the top of the page : " Select the table to see editing options. To add a new column, select tab." but I am unable to locate any tab option

mchoudhary_0-1759766912068.png

 

Labels (1)
Labels
Tags (1)
0 Karma
Reply

bowesmana
SplunkTrust
SplunkTrust
3 weeks ago

See here

https://help.splunk.com/en/splunk-cloud-platform/manage-knowledge-objects/splunk-app-for-lookup-file...

Seems like there's a known bug

Date filed Issue number Description

2025-03-18LOOKUP-304

Unable to Update KV Store Lookups in Splunk App for Lookup File Editor (v4.0.5)

 

0 Karma
Reply

yuanliu
SplunkTrust
SplunkTrust
3 weeks ago

Wording in this instruction is quite confusing.  If I were writing the app, I'd change to

Right-click any element in the table to see row editing options.  Right-click a column header to see column editing options.



0 Karma
Reply

yuanliu
SplunkTrust
SplunkTrust
2 weeks ago

@bowesmana is correct: You currently cannot add column to KVstore-based lookup.  I am not convinced that this is a bug though.  It is more like a missing feature. (Based on UI design, new column is never included as an action despite what that in-line instruction says.  That misguided instruction, on the other hand, is a legitimate bug.  The UI should have detected the context and not mention column when the lookup is KV-store based.)

Practically speaking, you can export, delete, create a new one and repopulate based on the export.

Reply
Get Updates on the Splunk Community!

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

If you’ve ever deployed a new database cluster, spun up a caching layer, or added a load balancer, you know it ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Financial fraud isn't slowing down. If anything, it's getting more sophisticated. Account takeovers, credit ...

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

 Are you tired of troubleshooting delays caused by siloed frontend, application, and network data? We've got a ...