Knowledge Management
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

What is the difference between a standard lookup and an Enterprise Security managed lookup?

pdenorch
Engager
‎10-26-2022 03:19 PM

I'm not having any luck finding what the functional differences are between a lookup created in splunk core ( Settings > Lookups > add new) that lives in the ES app context, and a managed lookup created from the content management page ( ES > configure > Content Management > Create New Content ). 

I have created and experimented with both and I can't find any functional difference. The documentation describes how to create managed lookups but I'm not finding anything on what the point is. 

Labels (1)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

starcher
Influencer
‎10-26-2022 04:30 PM

All managed means is you can edit the lookup with the  UI editor in ES. As long as it’s not too large. 

View solution in original post

Reply
Solved! Jump to solution

gcusello
SplunkTrust
SplunkTrust
‎10-26-2022 11:53 PM

Hi @pdenorch,

they are both lookups that you can edit using the Lookup Editor App and/or use in your searches, inside and outside ES.

The only difference is that the ES Managed Lookups are part of ES, so the lookup itself and the generating searches are inside ES and you can enable or disable inside ES instead using the Settings menu.

Ciao.

Giuseppe

0 Karma
Reply
Solved! Jump to solution

gcusello
SplunkTrust
SplunkTrust
‎10-27-2022 11:33 PM

Hi @pdenorch,

good for you, see next time!

Ciao and happy splunking

Giuseppe

P.S.: Karma Points are appreciated 😉

Tags (1)
0 Karma
Reply
Solved! Jump to solution
Solution

starcher
Influencer
‎10-26-2022 04:30 PM

All managed means is you can edit the lookup with the  UI editor in ES. As long as it’s not too large. 

Reply
Get Updates on the Splunk Community!

Introducing the 2024 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...

Introducing the 2024 Splunk MVPs!

We are excited to announce the 2024 cohort of the Splunk MVP program. Splunk MVPs are passionate members of ...

Splunk Custom Visualizations App End of Life

The Splunk Custom Visualizations apps End of Life for SimpleXML will reach end of support on Dec 21, 2024, ...