Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Automatic lookup field not displayed

sc0tt
Builder
‎12-23-2013 06:06 AM

I created the below automatic lookup through Splunk 6 web. 

app_info host AS host gate AS gate OUTPUTNEW app AS app

If I use this lookup in a search it works as expected. However, when simply searching the source the output field is not displayed.

Am I missing something?

Tags (3)
0 Karma
Reply

aelliott
Motivator
‎12-23-2013 08:01 AM

I've found that the automatic lookups don't work with apps that they are not created under. Either 1 you will need to move the config settings to system, or 2 create the same lookup again for each app(and upload multiple csv files)

Here is some info on setting it up to be in system instead of a specific app:
http://docs.splunk.com/Documentation/Splunk/6.0/Knowledge/Addfieldsfromexternaldatasources

Reply

jeremiahc4
Builder
‎08-01-2014 08:07 AM

Agreed, I just created my entire lookup (table, definition, and automatic lookup) in the app I want it in and it isn't showing the automatic lookup. Did you ever find an answer for this?

0 Karma
Reply

sc0tt
Builder
‎12-26-2013 07:00 AM

Thanks. I've done this but it still doesn't seem that it is working. I guess I need to look into this more and do some more testing.

0 Karma
Reply
Get Updates on the Splunk Community!

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

Take a look below to explore our upcoming Community Office Hours, Tech Talks, and Webinars this month. This ...

They're back! Join the SplunkTrust and MVP at .conf24

With our highly anticipated annual conference, .conf, comes the fez-wearers you can trust! The SplunkTrust, as ...

Enterprise Security Content Update (ESCU) | New Releases

Last month, the Splunk Threat Research Team had two releases of new security content via the Enterprise ...