Splunk Enterprise Security

Do Datasets in ES ever need updating? How do I update the ones that need it please? Thank you in advance.

SamHTexas
Builder

I notice some include .csv files. Do these .csv files need updating? Or do they stay stale? How are Data sets updated? Please advise. Thank you very much.


richgalloway
SplunkTrust

ES has scheduled searches that update several of its lookup files.  Which ones are you asking about?

---
If this reply helps you, Karma would be appreciated.

SamHTexas
Builder

Thanks for your message. I have many, some have .csv files. I am just curious if I have to manually update any so they won't get old, especially the contents of the .csv files? I appreciate your response sir.


richgalloway
SplunkTrust

Again, it depends on the file.  Scan the list of saved searches for "Lookup Gen" to see those that update automatically.  You also can search them for "outputlookup".

Once you know which are updated automatically you know which are not.  Of those that are not, some will be static or nearly so.  The rest may require occasional updates, depending on how they are used (if at all).

---
If this reply helps you, Karma would be appreciated.
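The check described in the reply above, as an added example that is not part of the original thread and is not Splunk's own code: it scans saved-search definitions for `outputlookup`, resolves lookup definitions to their CSV files, and lists the files no search regenerates. The stanza names, lookup names and file list are constructed samples, and the pattern only covers the plain `outputlookup [options] <target>` form.

```python
import re
# Constructed samples in savedsearches.conf / transforms.conf syntax (not from a real ES install).
SAVEDSEARCHES = r"""
[Example - Asset Inventory - Lookup Gen]
cron_schedule = */30 * * * *
search = | inputlookup example_asset_sources \
| stats latest(*) as * by ip \
| outputlookup example_assets

[Example - Noisy Hosts Report]
search = index=main | stats count by host | outputlookup append=true noisy_hosts.csv

[Example - Failed Logins Alert]
search = index=auth action=failure | lookup example_vip_users user OUTPUT is_vip
"""
TRANSFORMS = """
[example_assets]
filename = example_assets.csv
[example_vip_users]
filename = example_vip_users.csv
"""
LOOKUP_FILES = ["example_assets.csv", "noisy_hosts.csv", "example_vip_users.csv"]
# Skips key=value options (append=true, ...) between the command and its target.
OUTPUTLOOKUP = re.compile(r"\|\s*outputlookup\s+(?:\w+=\S+\s+)*([\w.\-]+)")

def parse_conf(text):
    """Parse .conf text into {stanza: {key: value}}, joining backslash-continued lines."""
    stanzas, current = {}, None
    for line in re.sub(r"\\\n", " ", text).splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = stanzas.setdefault(line[1:-1], {})
        elif current is not None and "=" in line and not line.startswith("#"):
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return stanzas

def lookup_writers(savedsearches, transforms):
    """Map each lookup CSV to the saved searches that write it with outputlookup."""
    definitions = {n: s["filename"] for n, s in parse_conf(transforms).items() if "filename" in s}
    writers = {}
    for title, stanza in parse_conf(savedsearches).items():
        for target in OUTPUTLOOKUP.findall(stanza.get("search", "")):
            # A target may be a lookup definition name or a CSV file name.
            writers.setdefault(definitions.get(target, target), []).append(title)
    return writers

def manual_lookups(files, writers):
    """Lookup files that no saved search regenerates: the ones to review by hand."""
    return sorted(f for f in files if f not in writers)
```

With the constructed sample, `manual_lookups(LOOKUP_FILES, lookup_writers(SAVEDSEARCHES, TRANSFORMS))` returns only `example_vip_users.csv`, which is read by a search but never written by one.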