I am trying to view a lookup file that has the sharing set on this app only from another app than it is defined.
Is there anyway to achieve this without changing the permission in the GUI?
This is the SPL i'm running but it skips the lookup files that aren't being shared.
Maybe temporary set the sharing to global and set it back or something
| rest splunk_server=local /servicesNS/-/-/data/lookup-table-files | fields title eai:acl.owner eai:acl.app | where !match(title,"\.mlmodel") | rename eai:acl.* as * | map [ | inputlookup $title$ | foreach * [ | eval b_<<FIELD>>=len(<<FIELD>>) + 1 ] | addtotals b_* fieldname=b | stats sum(eval(b/1024/1024)) as mb | eval name="$title$", owner="$owner$", app="$app$" ] maxsearches=1000