Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Solved! Jump to solution

Use Splunk SDK for Python to populate a lookup from a CSV file

aflick2486
Explorer
‎08-10-2017 11:53 AM

I would like to populate the data inside of a lookup file from a .csv on a local computer. Is there a way to use the Splunk API or Splunk SDK for Python to to do this? Let me know if you need other information.

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

FritzWittwer_ol
Contributor
‎08-10-2017 11:41 PM

You have to get the .csv file to the search head first, see this question and this question. If you can't put the file to the search head, I would try to use the rest api to create a search with ... | outpulookup xxx, this might work for a small file, or have a universal forwarder which indexes the local file, and then a search which reads the index and writes the .csv file with an outputlookup

View solution in original post

Reply
Solved! Jump to solution

starcher
Influencer
‎08-11-2017 10:22 AM

If you really want to maintain a lookup via the rest API the lookup has to be a kvstore lookup. CSV lookups cannot be directly modified. You can use python to read in the csv file but use the REST API to control a kvstore lookup.

Similar to this:
https://github.com/georgestarcher/Splunk-ESIntel-KVStore

0 Karma
Reply
Solved! Jump to solution
Solution

FritzWittwer_ol
Contributor
‎08-10-2017 11:41 PM

You have to get the .csv file to the search head first, see this question and this question. If you can't put the file to the search head, I would try to use the rest api to create a search with ... | outpulookup xxx, this might work for a small file, or have a universal forwarder which indexes the local file, and then a search which reads the index and writes the .csv file with an outputlookup

Reply
Solved! Jump to solution

lfedak_splunk
Splunk Employee
Splunk Employee
‎08-10-2017 01:30 PM

Hey @aflick2486, Not sure if this helps, but here's a post on scripting a lookup with Python and the code has "import csv": https://answers.splunk.com/answers/145561/how-to-script-a-lookup-in-python.html

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

This puzzle (first published here) is based on matching timestamps to cron expressions.All the timestamps ...

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas     Cisco Live 2026 is almost here, and this ...

Data Management Digest – May 2026

Welcome to the May 2026 edition of Data Management Digest!   As your trusted partner in data innovation, the ...