Hello All,
I was wondering if there's a way to manage lookup files in Splunk.
What I want to do is to create/upload lookup files in Splunk and have this files saved in a location, if possible outside Splunk. And then when this lookup file get updated, it will save a new version in this location, without overwriting the old one. But in Splunk, only the updated version will remain.
I hope I make myself clear with this. 🙂
Hoping someone could help me with this.
Thanks in advance!
If it is realized only by the function of Splunk, there is a way to monitor the LOOKUP file by the Splunk server itself and acquire all the items when there is a change. You need to make sure that the beginning of the file changes.
I think that it becomes self-made such as a shell script etc. except.