Splunk Search

Is there any other way other than the Lookup Editor to edit and manage lookup files?

jvmerilla
Path Finder

Hello All,

I was wondering if there's a way to manage lookup files in Splunk.

What I want to do is to create/upload lookup files in Splunk and have this files saved in a location, if possible outside Splunk. And then when this lookup file get updated, it will save a new version in this location, without overwriting the old one. But in Splunk, only the updated version will remain.

I hope I make myself clear with this. 🙂

Hoping someone could help me with this.

Thanks in advance!

0 Karma

HiroshiSatoh
Champion

If it is realized only by the function of Splunk, there is a way to monitor the LOOKUP file by the Splunk server itself and acquire all the items when there is a change. You need to make sure that the beginning of the file changes.

I think that it becomes self-made such as a shell script etc. except.

0 Karma
Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...