Splunk Enterprise Security
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Do Datasets in ES ever need updating? How do I update the ones that need it please? Thank u in advance.

SamHTexas
Builder
‎09-10-2021 06:49 AM

I notice some include .csv files. Do these .csv s need updating? Or do they stay stale? How are Data sets updated? Please advise. Thank u very much.

Labels (1)
Labels
0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎09-10-2021 08:32 AM

ES has scheduled searches that update several of its lookup files.  Which ones are you asking about?

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply

SamHTexas
Builder
‎09-10-2021 09:12 AM

Thanks for your message. I have many , some have .csv files. Am just curious if I have to manually update any so they won't get old, specially the contents of the .csv files? I appreciate your response sir.

Tags (1)
0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎09-10-2021 10:05 AM

Again, it depends on the file.  Scan the list of saved searches for "Lookup Gen" to see those that update automatically.  You also can search them for "outputlookup".

Once you know which are updated automatically you know which are not.  Of those that are not, some will be static or nearly so.  The rest may require occasional updates, depending on how they are used (if at all).

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Mobile: Your Brand-New Home Screen

Meet Your New Mobile Hub  Hello Splunk Community!  Staying connected to your data—no matter where you are—is ...

Introducing Value Insights (Beta): Understand the Business Impact your organization ...

Real progress on your strategic priorities starts with knowing the business outcomes your teams are delivering ...

Enterprise Security (ES) Essentials 8.3 is Now GA — Smarter Detections, Faster ...

As of today, Enterprise Security (ES) Essentials 8.3 is now generally available, helping SOC teams simplify ...