Re: Dynamic lookup file

MrJohn230 · ‎01-23-2024

I have a file that's updated every 5 minutes, it's populated my capturing a value in a URL using python code. (the value is "OK" or "bad"). I want to use the new file (that created every 5 minutes) in a splunk classic dashboard. I'm using the splunk cloud enterprise, and I'm not sure how to go about automating this process.

Is there a way to update/replace a file in the lookup table files? Or some other way I can go about adding in the new file after every refresh to the dashboard?

gcusello · ‎01-23-2024

Hi @MrJohn230 ,

if you have a file so frequently updated, in my opinion, the best solution is to load every version of the file in an index and use as events, in this way, taking only the last version of the data, you'll always have updated data.

Ciao.

Giuseppe

PickleRick · ‎01-23-2024

Either Splunk Cloud or Splunk Enterprise. There is no such thing as Splunk Cloud Enterprise.

Also why do you want it to be a lookup? You can easily just use events in your table.

MrJohn230 · ‎01-24-2024

@PickleRick I'm using splunk enterprise. I wasn't sure of the best approach here, sounds like I can use events, not sure how I can go about doing this but I'll do more research.

Dynamic lookup file

Classic dashboard

Enterprise Security Content Update (ESCU) | New Releases

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

It’s go time — Boston, here we come!

Are you a member of the Splunk Community?

Dynamic lookup file

Classic dashboard

Enterprise Security Content Update (ESCU) | New Releases

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

It’s go time — Boston, here we come!