Solved: lookup multi value

ChetanArgekar · ‎09-19-2020

I have multiple devices in a given location maintaining it lookup table with location and device.

Using location from index I am trying to get device list but output is coming in single row. I want list of devices as separate row. How to achieve it.

My query is like this

index =myindex

| lookup mylookup location OUTPUT devices

| table devices

ChetanArgekar · ‎09-19-2020

Solved.

index = myindex

| lookup mylookup location OUTPUT devices

| stats count(devices) by location, devices

| table devices

View solution in original post

gcusello · ‎09-19-2020

Hi @ChetanArgekar,

please, try something like this:

index =myindex
| append [ | inputlookup mylookup | fields location devices ]
| stats values(devices) AS devices by location
| mvexpand devices

Ciao.

Giuseppe

ChetanArgekar · ‎09-19-2020

thanks

It is giving only one device of location. I want list of every device of the location in separate row

ChetanArgekar · ‎09-19-2020

Solved.

index = myindex

| lookup mylookup location OUTPUT devices

| stats count(devices) by location, devices

| table devices

lookup multi value

fields

table

Observability | How to Think About Instrumentation Overhead (White Paper)

Cloud Platform | Get Resiliency in the Cloud Event (Register Now!)

The Great Resilience Quest: 10th Leaderboard Update