Solved: Dynamic lookup file name in Transforms.conf

sscandoit · ‎08-15-2011

Hi,

We have a cron job which periodically updates the lookup file. The file name is of the format lookup_mmddyyyy.csv where mmddyyyy is date on which the file is generated. Currently I manually change the file name to lookup.csv since the transforms.conf has following:

[AppLogLookup]

case_sensitive_match=false

filename=lookup.csv

Is there any way I give the name with date? for e.g.

[AppLogLookup]

case_sensitive_match=false

filename=lookup_mmddyyyy.csv

Appreciate all the help.

Thanks,
Suvelee

Linegod · ‎01-25-2012

If it were me, I would symbolically link the 'lookup.csv' to your updated lookup_mmddyyy.csv' when you create it to make it work.

View solution in original post

Linegod · ‎01-25-2012

If it were me, I would symbolically link the 'lookup.csv' to your updated lookup_mmddyyy.csv' when you create it to make it work.

sscandoit · ‎01-25-2012

Thanks a lot. That's an easy solution.

Dynamic lookup file name in Transforms.conf

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

Data Management Digest – May 2026

Join the Conversation