The visualization shows the result with productdescription field instead of productid. Now we use the Lookup field in the search query as shown below. Then check the box for productid which will automatically add the productdescription field from the lookup file also. This is done my going to New search → All Fields. A multivalue field is a field that contains more than one value. Next, we need to select the lookup field for our search query. Next, we check the availability of the lookup definition we added by going to Settings → Lookups → Lookup Definition. We do this by again going to Settings → Lookups → Lookup Definition → Add New. Create Lookup Definitionsįor a search query to be able to lookup values from the Lookup file we just uploaded above, we need to create a lookup definition. On clicking the save button, the file gets saved to the Splunk repository as a lookup file. The subsequent columns should contain the additional data. We also keep the same destination file name. The first column of the CSV file should contain the field you want to use as the key for the lookup. We browse to select the file productidvals.csv as our lookup file to be uploaded and select search as our destination app. We select lookup table files as shown below. This command is useful when a single field has multiple pieces of data within it that can. Next, we add the lookup file to Splunk environment by using the Settings screens as shown below −Īfter selecting the Lookups, we are presented with a screen to create and configure lookup. Splunk Values CommandSplunk Application Performance Monitoring. Here, we have kept the name of the first field as productid which is same as the field we are going to use from the dataset. I want to be able to search urimethod for multiple values with wildcard. The last line is where I am getting stuck. We create a lookup file with the following details. I am producing some stats in splunk but I want to extract data for about 10 urimethod instead of 100s currently displayed in the table. This field is just a number, but we want product names to be reflected in our query result set. We consider the dataset with host as web_application, and look at the productid field. In order to successfully create a lookup field in a dataset, we need to follow the below steps − Create Lookup File ![]() The advantage is, we retrieve the related values from two different data sets. Such linking of values of one field to a field with same name in another dataset using equal values from both the data sets is called a lookup process. But if we list the product name along with the product id, that gives us a good report where we understand the meaning of the search result. These numbers will not give us any idea of what kind of product it is. For example, we may get a field which lists the value of product id as a numeric result. In the result of a search query, we sometimes get values which may not clearly convey the meaning of the field.
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |