All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Why can I not create a collection with no owner in the Lookup File Editor App for Splunk Enterprise?

jsilverbears
Path Finder
‎10-10-2016 04:05 PM

I just got the Lookup Editor app and I created a test kvstore lookup (or rather a collection since this app doesn't actually create lookups) and there was no option to have the owner be nobody.

After I created the test collection, I immediately started putting in test data which all worked fine. The problem I have is that when I selected my collection in the interface, it brought up data "Showing all entries for: [my_user]" but the data itself was up in under user: "nobody".

Why is this? Can we just set the owner to either our logged in user or nobody? Did I miss that option and why did it put in the data under the user nobody and not my personal user?

I am running Splunk Enterprise 6.4 and I just downloaded the Lookup Editor App today.

Any help would be appreciated.

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

LukeMurphey
Champion
‎10-12-2016 09:09 AM

This is based upon the way that the KV store works in Splunk Enterprise. The KV store itself allows data to be stored by user. You don't have to select this up front, the KV store always supports having rows by user.

However, the rows that inputlookup and outputlookup work with are the nobody user. This why the nobody user is shown by default in the editor.

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

LukeMurphey
Champion
‎10-12-2016 09:09 AM

This is based upon the way that the KV store works in Splunk Enterprise. The KV store itself allows data to be stored by user. You don't have to select this up front, the KV store always supports having rows by user.

However, the rows that inputlookup and outputlookup work with are the nobody user. This why the nobody user is shown by default in the editor.

0 Karma
Reply
Get Updates on the Splunk Community!

Extending Observability Content to Splunk Cloud

Watch Now!   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to leverage ...

More Control Over Your Monitoring Costs with Archived Metrics!

What if there was a way you could keep all the metrics data you need while saving on storage costs?This is now ...

New in Observability Cloud - Explicit Bucket Histograms

Splunk introduces native support for histograms as a metric data type within Observability Cloud with Explicit ...