Lookup Splunk

Use the Lookup Command to Invoke Field Value Lookups

About Lookups

Lookups allow you to enrich your data by mapping values from one field to another. This can be useful for adding context or additional information to your events.

Types of Lookups

There are several types of lookups available in Splunk Web:

• File-based CSV lookups
• Database lookups
• REST API lookups
• Inline lookups

Example

 | lookup mylookup field1 as field2 

This example would perform a file-based CSV lookup on the field field1 and add the resulting value to the field field2.

Creating Lookups in Splunk Web

You can create lookups in Splunk Web through the Settings pages for lookups.

1. Log into Splunk Web.
2. Click the Settings icon in the top right corner.
3. Select Lookups.
4. Click the New Lookup button.
5. Select the type of lookup you want to create.
6. Configure the lookup settings.
7. Click the Save button.

Using Lookups

Once you have created a lookup, you can use it in your searches by using the lookup command.

 | lookup mylookup field1 as field2 

This example would perform a lookup on the field field1 using the lookup mylookup and add the resulting value to the field field2.

Additional Resources

• Splunk Documentation: Lookups
• Splunk Blog: Using Lookups in Splunk