All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Update Log Lookup File Editor

Carolina
Engager
‎08-27-2019 11:29 AM

Hi,
I am working with the app lookup File Editor and When I search in the log, I only find the following
Who update the file ? or When update the file?

I need to see which field to update.
It is possible?

Regards

0 Karma
Reply

solarboyz1
Builder
‎08-27-2019 01:18 PM

I don't believe Splunk audit logs will audit the changes to that level.

The only way I can think of determining the details would be to compare the lookup file contents by comparing the backup versions.

A log entry should show that a backup was created. You could correlate the backup file version to the change (search for "A backup of the lookup file was created"). However, I'm don't know of a way to access the backup lookup file via a Search.

0 Karma
Reply
Get Updates on the Splunk Community!

Aligning Observability Costs with Business Value: Practical Strategies

 Join us for an engaging Tech Talk on Aligning Observability Costs with Business Value: Practical ...

Mastering Data Pipelines: Unlocking Value with Splunk

 In today's AI-driven world, organizations must balance the challenges of managing the explosion of data with ...

Splunk Up Your Game: Why It's Time to Embrace Python 3.9+ and OpenSSL 3.0

Did you know that for Splunk Enterprise 9.4, Python 3.9 is the default interpreter? This shift is not just a ...