- News & Education
- :
- Training & Certification
- :
- Training + Certification Discussions
- :
- Can you help me with the lab exercise for module 1...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Can you help me with the lab exercise for module 12 in the Splunk Fundamentals course 1?
I am working through the Lab exercise for Module 12 of the Fundamentals 1 course. I was forced to resort to using the answers section of the lab instructions because I could not get the fields from the products_lookup.csv file to show up in the fields list after running this query:
index=main sourcetype=access_combined_wcookie status=200 file=success.do | lookup products_lookup productId as productId OUTPUT product_name as ProductName
The events for this query are returned, but the fields from the lookup table are not put in the fields list. Has anyone experienced this issue before?
I can successfully see the Lookup file fields by running: '| inputlookup products_lookup'
I am using the free version of splunk :
Version: 7.2.0
Build: 8c86330ac18
any help will be appreciated.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Post the results of this search:
|inputlookup products_lookup | head 1
And this search:
index=main sourcetype=access_combined_wcookie status=200 file=success.do
| head 10 | fieldsummary
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I'm brand new to splunk and ran across your question while I was trying to solve the same issue....here is the query that I got to finally work . You should try using the actual name of the csv file and see if it works - that seems to be the only difference between our searches:
host=web_application sourcetype=access_combined_wcookie status=200 file=success.do | lookup products.csv productId as productId OUTPUT product_name as ProductName
this also works (adding in index=main)
index=main host=web_application sourcetype=access_combined_wcookie status=200 file=success.do | lookup products.csv productId as productId OUTPUT product_name as ProductName
I did have a similar issue to you at first. I did end up going through the whole thing again, maybe you missed a step: try going to settings | lookups | [lookup definitions] and make sure you have a similar entry to this:
product_lookup file productId,product_name,categoryId,price,Code products.csv [username] search
Thanks for posting your question, it was helpful to me to see your search string. I also went back and rewatched the video and followed along. In retrospect, it would have been way more useful to follow along with the labs WHILE watching the video.
Announcing Scheduled Export GA for Dashboard Studio
Extending Observability Content to Splunk Cloud
More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!
