Re: Dynamic lookup file

MrJohn230 · ‎01-23-2024

I have a file that's updated every 5 minutes, it's populated my capturing a value in a URL using python code. (the value is "OK" or "bad"). I want to use the new file (that created every 5 minutes) in a splunk classic dashboard. I'm using the splunk cloud enterprise, and I'm not sure how to go about automating this process.

Is there a way to update/replace a file in the lookup table files? Or some other way I can go about adding in the new file after every refresh to the dashboard?

gcusello · ‎01-23-2024

Hi @MrJohn230 ,

if you have a file so frequently updated, in my opinion, the best solution is to load every version of the file in an index and use as events, in this way, taking only the last version of the data, you'll always have updated data.

Ciao.

Giuseppe

PickleRick · ‎01-23-2024

Either Splunk Cloud or Splunk Enterprise. There is no such thing as Splunk Cloud Enterprise.

Also why do you want it to be a lookup? You can easily just use events in your table.

MrJohn230 · ‎01-24-2024

@PickleRick I'm using splunk enterprise. I wasn't sure of the best approach here, sounds like I can use events, not sure how I can go about doing this but I'll do more research.

Dynamic lookup file

Classic dashboard

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

What Is the Name of the USB Key Inserted by Bob Smith? (BOTS Hint, Not the Answer)

Automating Threat Operations and Threat Hunting with Recorded Future

Join the Conversation