Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How do you find the properties/metadata of a lookup file via REST API?

koshyk
Super Champion
‎01-31-2019 05:19 AM

We have certain automated lookup files, which get updated by various feeds. Any chance to get the properties of these lookup files like last modified, size ? i.e. metadata about the lookup file using REST API?

As per Splunk API, i checked below properties endpoint, but it can drill down up-to the list of lookup files and not specific lookup/csv files. The last_updated field is incorrect in this endpoint and hence this doesn't work. I'm looking for a similar one

| rest splunk_server=local /services/properties/lookups/
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

DMohn
Motivator
‎01-31-2019 05:26 AM

Have you tried | rest splunk_server=local /servicesNS/-/-/data/lookup-table-files

View solution in original post

Reply
Solved! Jump to solution
Solution

DMohn
Motivator
‎01-31-2019 05:26 AM

Have you tried | rest splunk_server=local /servicesNS/-/-/data/lookup-table-files

Reply
Solved! Jump to solution

koshyk
Super Champion
‎01-31-2019 05:30 AM

Thank you mate. This one is correct and the updated timestamp seems correct.

Reply
Get Updates on the Splunk Community!

Infographic provides the TL;DR for the 2024 Splunk Career Impact Report

We’ve been buzzing with excitement about the recent validation of Splunk Education! The 2024 Splunk Career ...

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...