How to find the related search of lookup file

kteng2024 · ‎12-05-2017

Hi,

Below query is using the CSV, can I please know how the CSV file is being generated like whether is there any query that is generating it , etc.

| inputlookup webaccess.csv | tail 14 | reverse

somesoni2 · ‎12-05-2017

If you've file system access, you can search for that lookup file in $Splunk_home/etc/apps and $Splunk_home/etc/users directory (cd to that directory and grep) on your search head.

If you've sufficient access to run the | rest command, try this (run on your search head)

| rest splunk_server=local /servicesNS/-/-/saved/searches | table title eai:acl.app eai:acl.owner search | where match(search,"outputlookup\s+webaccess\.csv")

kteng2024 · ‎12-05-2017

Thank you so much and for quick reply.. your search worked and it is what i am looking for.

somesoni2 · ‎12-05-2017

Glad to be of help. Don't forget to close the question by accepting the answer that worked for you.

ddrillic · ‎12-05-2017

As @richgalloway said at How to create a lookup table from search

-- Take a look at the outputlookup command at outputlookup

How to find the related search of lookup file

Splunk Enterprise Security(ES) 7.3 is approaching the end of support. Get ready for ...

Splunk Enterprise Security 8.x: The Essential Upgrade for Threat Detection, ...

Splunk Observability for AI

Are you a member of the Splunk Community?

How to find the related search of lookup file

Splunk Enterprise Security(ES) 7.3 is approaching the end of support. Get ready for ...

Splunk Enterprise Security 8.x: The Essential Upgrade for Threat Detection, ...

Splunk Observability for AI