Join the Conversation
- Find Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- How do I delete lookup file (CSV) from a lookup li...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
How do I delete lookup file (CSV) from a lookup lists using query?
Hi All,
When i run this query |rest services/data/lookup-table-files I get a list of CSV data.
From that, i want to delete one specific csv . How can i achieve this?
I tried |rest services/data/lookup-table-files |where title="hari.csv" |delete but I didn't get it.
Can you please help me with this?
Thanks in advance 🙂
Harish
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @harishalipaka,
If you want to delete lookup CSV file using REST API then you need to use REST API DELETE request which you can't achieve with command which you mentioned, may be you can create custom command which pass lookup file name from REST API GET output to python script (You need to create this script) and script will run REST API DELETE request from that output.
Below is command which is working fine for me in my lab, in below command USERNAME and APP_NAME you need to provide explicitly, you can't use - (wildcard)
curl -vk -u admin:password --request DELETE https://localhost:8089/servicesNS/<USERNAME>/<APP_NAME>/data/lookup-table-files/test.csv
EDIT: Updated curl command
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I specified curl -vk -u admin:password --request DELETE https://sh-ip-address:8089/servicesNS///data/lookup-table-files/test.csv
Anyone got the following in a clustered SH env?
<msg type="ERROR">Object id=test.csv cannot be deleted in config=lookups.</msg>
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @niketn , @somesoni2 , @martin_mueller , @kamlesh_vaghela , @woodcock , @493669
Please help for this.
Harish
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@harishalipaka try the Lookup Editor App
| makeresults | eval message= "Happy Splunking!!!"
Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!
Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.
Announcing Modern Navigation: A New Era of Splunk User Experience
Modernize your Splunk Apps – Introducing Python 3.13 in Splunk
Step into “Hunt the Insider: An Splunk ES Premier Mystery” to catch a cybercriminal ...
