csv file usage

shrinivaskittur · ‎12-28-2021

Hi,

I need help in evaluation the csv files under "<Splunk directory>\etc\apps\search\lookups" folder. we have multiple csv files in this folder and I need to check which csv file is not in use or used for which search so that unused csv file can be deleted.

richgalloway · ‎12-28-2021

If you have access to the search head's file system then use grep to search $SPLUNK_HOME/etc/apps/*/local/savedsearches.conf and $SPLUNK_HOME/etc/apps/*/local/transforms.conf for instances of each CSV file name. Files not referenced are not used.

In case you missed a reference to a CSV, move it temporarily to a different directory so it can be replaced if later found to be needed.

---
If this reply helps you, Karma would be appreciated.

shrinivaskittur · ‎01-02-2022

thank you, but how do I check this on windows based search heads.

richgalloway · ‎01-02-2022

I use Ubuntu for Windows. You also can use PowerShell

Select-string -Pattern "<text>"  <filepattern> -Simplematch

---
If this reply helps you, Karma would be appreciated.

ITWhisperer · ‎12-28-2021

Can you not use file explorer and list the date accessed information?

csv file usage

lookup

[Puzzles] Solve, Learn, Repeat: Dynamic formatting from XML events

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

Stronger Security with Federated Search for S3, GCP SQL & Australian Threat ...

Join the Conversation

csv file usage

lookup

[Puzzles] Solve, Learn, Repeat: Dynamic formatting from XML events

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

Stronger Security with Federated Search for S3, GCP SQL & Australian Threat ...