I want my lookup table consisting of blacklisted IPs to be updated by ServiceNow automatically through alert rather than entering it in the EDL manually. Is there a way ?
Hi, this seems to be a prominet answer about this topic.
https://answers.splunk.com/answers/152485/can-you-create-modify-a-lookup-file-via-rest-api.html
Did this work for you ?
if it helped please accept the question 🙂
I am trying to run the query for creating a lookup table but all I get is results not found.