I just got the Lookup Editor app and I created a test kvstore lookup (or rather a collection since this app doesn't actually create lookups) and there was no option to have the owner be nobody.
After I created the test collection, I immediately started putting in test data which all worked fine. The problem I have is that when I selected my collection in the interface, it brought up data "Showing all entries for: [my_user]" but the data itself was up in under user: "nobody".
Why is this? Can we just set the owner to either our logged in user or nobody? Did I miss that option and why did it put in the data under the user nobody and not my personal user?
I am running Splunk Enterprise 6.4 and I just downloaded the Lookup Editor App today.
Any help would be appreciated.
This is based upon the way that the KV store works in Splunk Enterprise. The KV store itself allows data to be stored by user. You don't have to select this up front, the KV store always supports having rows by user.
However, the rows that inputlookup and outputlookup work with are the nobody user. This why the nobody user is shown by default in the editor.
This is based upon the way that the KV store works in Splunk Enterprise. The KV store itself allows data to be stored by user. You don't have to select this up front, the KV store always supports having rows by user.
However, the rows that inputlookup and outputlookup work with are the nobody user. This why the nobody user is shown by default in the editor.