Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Update lookup files

karthik7411
New Member
‎07-10-2012 08:32 AM

hi, i have already uploaded a csv lookup file to the splunk indexer. Now i want to add more entries to the csv file. i goto the destination where it is stored on the indexer and open it and edit and save it and restart splunk. then from my web interface if i do a | input lookup the newly added entries are not displayed. Can some one help me out??

Thanks in Advance!!!

Tags (3)
0 Karma
Reply

Kate_Lawrence-G
Contributor
‎07-10-2012 12:05 PM

Hi,

Lookup tables are typically stored at the search head and not the indexer. Is this an indexer & search head instance (i.e. doing both?)

You can verify lookups from the search head by going under the Manager -> Lookups ad see where you file is listed and can verify the file contents by logging into the box and taking a look at that path.

@Kate

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Deep insights, no barriers: Splunk Observability Cloud Free Edition

As software delivery cycles continue to accelerate, observability shouldn’t be a luxury — it should be a ...

Monitoring AI Agents with Splunk Observability Cloud

Let’s say I’m running a travel planning AI app in production. A user asks for three concise hotel options in ...

[Puzzles] Solve, Learn, Repeat: Tiling

This puzzle (first published here) is based on finding groups of tessellated tiles (inspired by floor tiles I ...