Re: Update a lookup file via REST

Damien_Dallimor · ‎02-16-2012

I want to be able to update an existing csv lookup file (that resides within the lookups directory of a custom app on a searchhead) by uploading the updated file from the local machine(via a custom widget that uses the REST api)

I see there is a REST endpoint similar to this but requires the the lookup file to be published to a staging area on the Splunk server and doesn't allow you to target the destination app.

ziegfried · ‎02-22-2012

You could add a custom REST endpoint to Splunk that handles the file upload and updates the lookup CSV file.

twinspop · ‎12-10-2013

Did you ever create this functionality? Can you share?

Damien_Dallimor · ‎02-22-2012

Cheers Z... I think that will be the approach.

Ayn · ‎02-20-2012

There's another REST endpoint that seems to be addressing this exact thing: http://docs.splunk.com/Documentation/Splunk/latest/RESTAPI/RESTknowledge#POST_data.2Ftransforms.2Flo...

Ayn · ‎02-20-2012

Hm, true. Sorry!

Damien_Dallimor · ‎02-20-2012

I don't see how this endpoint can be used to update an existing csv file, as in the contents of the existing lookup file.
The endpoint you mentioned is just for updating the lookup definition.

Update a lookup file via REST

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

[Puzzles] Solve, Learn, Repeat: Tiling

SOK it to Me: Top 3 Benefits of Using Splunk Operator on Kubernetes that’ll Make ...

Upgrade Prep for 10.4, Network Observability Deep Dives, and More from Splunk Lantern

Join the Conversation