Splunk Search

Where I can find the outputlookup files in the Splunk instance??

skuma30
New Member

I am having some trouble with locating the lookup files, can some one please help me?

0 Karma

DalJeanis
SplunkTrust
SplunkTrust

Just in case you aren't yet familiar with the interface, and are asking a much more basic question -

1) Near the top right of the splunk screen there is a drop-down called "settings". Underneath that, there is a selection "lookups". Click that, then you can see a lookup file list by app.

2) to test if the outputlookup file was really created and has anything in it, you can try something like this search

|inputlookup mylookupname | head 5
0 Karma

hunters_splunk
Splunk Employee
Splunk Employee

Hi skuma30,

File-based lookups are located in $Splunk_Home/etc/apps//lookups .
The lookup stanzas are defined in transforms.conf and props.conf.

Hope this helps. Thanks!
Hunter

0 Karma

skuma30
New Member

Thanks for the reply....

0 Karma

somesoni2
Revered Legend

From the outputlookup documentation page:

For CSV-based lookups, if the lookup file does not exist, it is created in the lookups directory of the current application. If the lookup file already exists, it is overwritten with the results of the outputlookup command.

So I would look at directory $SPLUNK_HOME/etc/apps/<<YourCurrentAppNameHere>>/lookups.

0 Karma

skuma30
New Member

Thanks for the reply......

0 Karma

woodcock
Esteemed Legend

If you are new, YourCurrentAppNameHere is probably search.

0 Karma
Get Updates on the Splunk Community!

The Splunk Success Framework: Your Guide to Successful Splunk Implementations

Splunk Lantern is a customer success center that provides advice from Splunk experts on valuable data ...

Splunk Training for All: Meet Aspiring Cybersecurity Analyst, Marc Alicea

Splunk Education believes in the value of training and certification in today’s rapidly-changing data-driven ...

Investigate Security and Threat Detection with VirusTotal and Splunk Integration

As security threats and their complexities surge, security analysts deal with increased challenges and ...