Knowledge Management

How is the outputlookup command is configured?

Explorer

Does anyone know how the outputlookup command is configured? commands.conf does not reference a python script for it. I want to change how new files are created so that they are private and assigned to an owner. 

Labels (1)
Tags (2)
0 Karma
1 Solution

Explorer

Decided to resolve the issue by creating a custom command to reassign lookup files from nobody to their proper owner based on results of splunk search. 

View solution in original post

0 Karma

Explorer

Decided to resolve the issue by creating a custom command to reassign lookup files from nobody to their proper owner based on results of splunk search. 

View solution in original post

0 Karma

SplunkTrust
SplunkTrust
Outputlookup is a built-in command without an external Python script.
---
If this reply helps you, an upvote would be appreciated.
0 Karma

Explorer

Thanks @richgalloway for your response. I was wondering if there is a way to modify Splunk's built in commands or at least override them with my own process. I have  a custom command that I have created that does what I want the outputlookup command to do but it would require all users to use the new command. Ideally, I would allow users to continue with the outputlookup command but change how it functions so that new files are stored in the etc/<user>/<app>/lookups directory instead of the etc/<app>/lookups directory. 

0 Karma

SplunkTrust
SplunkTrust

There's no way to override a built-in command.  Your uses will have to learn to use myoutputlookup just as they once learned to use outputlookup.

---
If this reply helps you, an upvote would be appreciated.
0 Karma