Re: csv file usage

shrinivaskittur · ‎12-28-2021

Hi,

I need help in evaluation the csv files under "<Splunk directory>\etc\apps\search\lookups" folder. we have multiple csv files in this folder and I need to check which csv file is not in use or used for which search so that unused csv file can be deleted.

richgalloway · ‎12-28-2021

If you have access to the search head's file system then use grep to search $SPLUNK_HOME/etc/apps/*/local/savedsearches.conf and $SPLUNK_HOME/etc/apps/*/local/transforms.conf for instances of each CSV file name. Files not referenced are not used.

In case you missed a reference to a CSV, move it temporarily to a different directory so it can be replaced if later found to be needed.

---
If this reply helps you, Karma would be appreciated.

shrinivaskittur · ‎01-02-2022

thank you, but how do I check this on windows based search heads.

richgalloway · ‎01-02-2022

I use Ubuntu for Windows. You also can use PowerShell

Select-string -Pattern "<text>"  <filepattern> -Simplematch

---
If this reply helps you, Karma would be appreciated.

ITWhisperer · ‎12-28-2021

Can you not use file explorer and list the date accessed information?

csv file usage

lookup

Splunk MCP & Agentic AI: Machine Data Without Limits

Finding Based Detections General Availability

Get Your Hands Dirty (and Your Shoes Comfy): The Splunk Experience

Join the Conversation

csv file usage

lookup

Splunk MCP & Agentic AI: Machine Data Without Limits

Finding Based Detections General Availability

Get Your Hands Dirty (and Your Shoes Comfy): The Splunk Experience