Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Is outputlookup command atomic?

lukasz92
Communicator
‎08-17-2016 06:35 AM

Hi,

Do you know if "outputlookup" is an atomic operation (for both kvstores and csv files)?

I have something like: | inputlookup xyz | (many commands) | outputlookup xyz
I need a guarantee that xyz lookup is either replaced with a new version or left untouched (in case of stopping search, system crash etc).

0 Karma
Reply

gfuente
Motivator
‎08-18-2016 07:16 AM

Hello

From this doc:

http://dev.splunk.com/view/SP-CAAAEY7

Kv Store operations apply to individual records:

Perform Create-Read-Update-Delete (CRUD) operations on individual records using the Splunk REST API and lookups using the Splunk search language.

While the csv files are rewrited entirely:

Requires a full rewrite of a file for edit operations.

So, I would say that the csv files are rewrited completely or not touched, while updating a KV Store could be partial. That´s my understanding from that estatements

Hope it helps

Regards

0 Karma
Reply

mtranchita
Communicator
‎08-18-2016 06:34 AM

Maybe not an answer but thinking this through...
Each search generates artifacts in the dispatch directory. As I understand it each search artifacts are a csv with the results of the search. Each pipe does 'something' to the csv file in a linear way.
Don't know if this is true but using that logic the csv file would need to be completed before it hit the outputlookp pipe.

0 Karma
Reply
Get Updates on the Splunk Community!

Fastest way to demo Observability

I’ve been having a lot of fun learning about Kubernetes and Observability. I set myself an interesting ...

September Community Champions: A Shoutout to Our Contributors!

As we close the books on another fantastic month, we want to take a moment to celebrate the people who are the ...

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

It’s Monday morning, and your phone is buzzing with alert escalations – your customer-facing portal is running ...