Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Does Splunk Log if a lookup file is modified?

AndySplunks
Communicator
‎10-04-2019 06:17 AM

Does Splunk generate logs when a lookup file is modified?

I have some searches that use lookup files. I'd like to monitor when the lookup file is modified.

Tags (1)
0 Karma
Reply

rbar16
Explorer
‎06-24-2020 11:45 AM

@AndySplunks  The following search will show you the lookup files within Splunk and the last updated date.

| rest splunk_server=local /servicesNS/-/-/data/lookup-table-files
| table title updated

This search is for when they are actually edited:
index=_internal "Lookup edited successfully" |table _time namespace lookup_file user

Reply

jacobpevans
Motivator
‎10-04-2019 07:12 AM

Greetings @AndySplunks,

If you navigate to the lookup in the Lookup Editor app, is there a "Revert to previous version" button? I don't know exactly how it works (i.e. what triggers a backup), but Splunk does, in some cases, save backups in a subfolder of the lookup directory on the file system. I'm fairly confident that there is always a backup saved when lookups are modified via the "import" feature. Outside of that, I'm not sure.

Cheers,
Jacob

Cheers,
Jacob

If you feel this response answered your question, please do not forget to mark it as such. If it did not, but you do have the answer, feel free to answer your own post and accept that as the answer.
0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Get Updates on the Splunk Community!

Tech Talk Recap | Mastering Threat Hunting

Mastering Threat HuntingDive into the world of threat hunting, exploring the key differences between ...

Observability for AI Applications: Troubleshooting Latency

If you’re working with proprietary company data, you’re probably going to have a locally hosted LLM or many ...

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

In the age of AI, every tool promises to make our lives easier. From summarizing content to writing code, ...