Re: Dynamic lookup file

MrJohn230 · ‎01-23-2024

I have a file that's updated every 5 minutes, it's populated my capturing a value in a URL using python code. (the value is "OK" or "bad"). I want to use the new file (that created every 5 minutes) in a splunk classic dashboard. I'm using the splunk cloud enterprise, and I'm not sure how to go about automating this process.

Is there a way to update/replace a file in the lookup table files? Or some other way I can go about adding in the new file after every refresh to the dashboard?

gcusello · ‎01-23-2024

Hi @MrJohn230 ,

if you have a file so frequently updated, in my opinion, the best solution is to load every version of the file in an index and use as events, in this way, taking only the last version of the data, you'll always have updated data.

Ciao.

Giuseppe

PickleRick · ‎01-23-2024

Either Splunk Cloud or Splunk Enterprise. There is no such thing as Splunk Cloud Enterprise.

Also why do you want it to be a lookup? You can easily just use events in your table.

MrJohn230 · ‎01-24-2024

@PickleRick I'm using splunk enterprise. I wasn't sure of the best approach here, sounds like I can use events, not sure how I can go about doing this but I'll do more research.

Dynamic lookup file

Classic dashboard

other

Earn a $35 Gift Card for Answering our Splunk Admins & App Developer Survey

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

Monitoring Amazon Elastic Kubernetes Service (EKS)