Knowledge Management

What is the difference between a standard lookup and an Enterprise Security managed lookup?

pdenorch
Engager

I'm not having any luck finding what the functional differences are between a lookup created in splunk core ( Settings > Lookups > add new) that lives in the ES app context, and a managed lookup created from the content management page ( ES > configure > Content Management > Create New Content ). 

I have created and experimented with both and I can't find any functional difference. The documentation describes how to create managed lookups but I'm not finding anything on what the point is. 

Labels (1)
0 Karma
1 Solution

starcher
Influencer

All managed means is you can edit the lookup with the  UI editor in ES. As long as it’s not too large. 

View solution in original post

gcusello
SplunkTrust
SplunkTrust

Hi @pdenorch,

they are both lookups that you can edit using the Lookup Editor App and/or use in your searches, inside and outside ES.

The only difference is that the ES Managed Lookups are part of ES, so the lookup itself and the generating searches are inside ES and you can enable or disable inside ES instead using the Settings menu.

Ciao.

Giuseppe

0 Karma

gcusello
SplunkTrust
SplunkTrust

Hi @pdenorch,

good for you, see next time!

Ciao and happy splunking

Giuseppe

P.S.: Karma Points are appreciated 😉

0 Karma

starcher
Influencer

All managed means is you can edit the lookup with the  UI editor in ES. As long as it’s not too large. 

Get Updates on the Splunk Community!

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

You’ve probably heard the latest about AppDynamics joining the Splunk Observability portfolio, deepening our ...

Monitoring Amazon Elastic Kubernetes Service (EKS)

As we’ve seen, integrating Kubernetes environments with Splunk Observability Cloud is a quick and easy way to ...

Cloud Platform & Enterprise: Classic Dashboard Export Feature Deprecation

As of Splunk Cloud Platform 9.3.2408 and Splunk Enterprise 9.4, classic dashboard export features are now ...