Reporting
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

What Splunk server should contain the lookup tables for all servers to use?

SamHTexas
Builder
‎03-12-2021 09:44 AM

What Splunk server should contain the lookup tables for all servers to use?

Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

richgalloway
SplunkTrust
SplunkTrust
‎03-12-2021 01:26 PM

If the SH is part of a cluster then, yes, put the lookup file on one of them and the SH will replicate it to others.

If the SHs are not clustered then you'll have to create the lookup on all of them.

---
If this reply helps you, Karma would be appreciated.

View solution in original post

0 Karma
Reply
Solved! Jump to solution

SamHTexas
Builder
‎03-12-2021 12:43 PM

Great, so do I create lookup tables only on one SH or all please?

0 Karma
Reply
Solved! Jump to solution
Solution

richgalloway
SplunkTrust
SplunkTrust
‎03-12-2021 01:26 PM

If the SH is part of a cluster then, yes, put the lookup file on one of them and the SH will replicate it to others.

If the SHs are not clustered then you'll have to create the lookup on all of them.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply
Solved! Jump to solution

richgalloway
SplunkTrust
SplunkTrust
‎03-12-2021 12:37 PM

Lookup files are stored on search heads.  They're sent to indexers as part of the search bundle.

---
If this reply helps you, Karma would be appreciated.
Reply
Get Updates on the Splunk Community!

Fueling your curiosity with new Splunk ILT and eLearning courses

At Splunk Education, we’re driven by curiosity—both ours and yours! That’s why we’re committed to delivering ...

Splunk AI Assistant for SPL 1.1.0 | Now Personalized to Your Environment for Greater ...

Splunk AI Assistant for SPL has transformed how users interact with Splunk, making it easier than ever to ...

Unleash Unified Security and Observability with Splunk Cloud Platform

     Now Available on Microsoft AzureOn Demand Now Step boldly into the AI revolution with enhanced security ...
Top