Re: Take a backup of lookup file

sarahnazzar · ‎02-15-2023

Hello Splunkers!

I'm trying to take a backup of a lookup file(file.csv) and create a backup file(file_backup.csv) and schedule the search on daily basis, the below query will only run and overwrite the old backup file but I want the scheduled search to run only when the new entries are added to the file.csv.

|inputlookup file.csv |outputlookup file_backup.csv

Also, I want to add 2 new columns (user who edited the lookup and time when it was edited) in the backup lookup

Original file: file.csv

column1 column2

Backup file file_backup.csv generated using the scheduled search should have the below

column1 column2 time user

Any thoughts please?

Cheers!

ITWhisperer · ‎02-15-2023

How do you know which user updated the file and when they did it?

sarahnazzar · ‎02-16-2023

Tried pulling using the rest query but it doesn't give me what they have updated

|rest /servicesNS/-/-/data/lookup-table-files/

I want to have the user and time against the entry they have added in the lookup

ITWhisperer · ‎02-16-2023

If you have no control over the editing process, how are you going to determine who did what and when?

How to take a backup of lookup file?

using Splunk Enterprise

Combine Multiline Logs into a Single Event with SOCK - a Guide for Advanced Users

Everything Community at .conf24!

Index This | I’m short for "configuration file.” What am I?