Re: Do Datasets in ES ever need updating? How do I...

SamHTexas · ‎09-10-2021

I notice some include .csv files. Do these .csv s need updating? Or do they stay stale? How are Data sets updated? Please advise. Thank u very much.

richgalloway · ‎09-10-2021

ES has scheduled searches that update several of its lookup files. Which ones are you asking about?

---
If this reply helps you, Karma would be appreciated.

SamHTexas · ‎09-10-2021

Thanks for your message. I have many , some have .csv files. Am just curious if I have to manually update any so they won't get old, specially the contents of the .csv files? I appreciate your response sir.

richgalloway · ‎09-10-2021

Again, it depends on the file. Scan the list of saved searches for "Lookup Gen" to see those that update automatically. You also can search them for "outputlookup".

Once you know which are updated automatically you know which are not. Of those that are not, some will be static or nearly so. The rest may require occasional updates, depending on how they are used (if at all).

---
If this reply helps you, Karma would be appreciated.

Do Datasets in ES ever need updating? How do I update the ones that need it please? Thank u in advance.

administration

Adoption of RUM and APM at Splunk

Routing logs with Splunk OTel Collector for Kubernetes

Welcome to the Splunk Community!