- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
I am using Splunk 6.2.2 and Enterprise Security 3.1.1.
I have a bunch of threat lists (the actual URLs are lookups to local csv files: lookup://threatlist_lookup ).
If i update the csv, I notice that Splunk ES doesn't immediately use the new version of the threatlist, but the old one. Only after some time does it "refresh" those lists using the new data.
How can I force Splunk to check if a "new version" of the csv files are available?
Thanks
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
A debug refresh could help. Within a browser open your equivalent of http_//SPLUNKSERVER:8000/en-GB/debug/refresh
Another approach can be found in the answer from @bmacias84 in this topic:
http://answers.splunk.com/answers/86564/updating-lookup-table-data-externally-auto-magically.html
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
A debug refresh could help. Within a browser open your equivalent of http_//SPLUNKSERVER:8000/en-GB/debug/refresh
Another approach can be found in the answer from @bmacias84 in this topic:
http://answers.splunk.com/answers/86564/updating-lookup-table-data-externally-auto-magically.html
