Splunk Search

outputlookup command not found

stehlampe69
Explorer

Hello,

Eventually I'm missing something, but I've searched quite a lot.
My problem is that I cannot use outputlookup because I get the following error:
bash: outputlookup: Command not found.
I've tried to get a watchlist with the following command:
"getwatchlist http://amada.abuse.ch/blocklist.php?download=ipblocklist delimiter=# categoryCol=2 isbad=true | outputlookup amada.csv"
The getwatchlist doesn't work like this, but with a workaround (python getwatchlist.py ...) I get the data. But the real problem is that the outputlookup isn't recognized.
If I type it in the search field in the Splunk Web Frontend it works, but not in the console where I have to run the other command (getwatchlist).
Am I missing something to get this working on console? Any help would be nice.

Thanks in advance

Peter

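The getwatchlist call in the question reads a '#'-delimited list, takes column 2 as the category, flags every entry with isbad=true and hands the rows to outputlookup, which only exists inside a Splunk search. As an added example (not code from the original post or from the getwatchlist app), the Python script below performs the same transformation offline on a constructed sample feed, so the shape of the resulting lookup file is visible without Splunk. It assumes that categoryCol is 1-based, that the first column holds an IP address and that a line starting with the delimiter is a comment; the sample data is constructed, not a real abuse.ch download.

```python
"""Parse a '#'-delimited blocklist into the CSV shape of a Splunk lookup.

Added example, not part of the original post or of the getwatchlist app.
Parameters mirror the question: delimiter=#, categoryCol=2, isbad=true.
Assumptions: categoryCol is 1-based, column 1 is an IP address, and a line
whose first field is empty (it starts with the delimiter) is a comment.
"""
import csv
import io
import ipaddress

# Constructed sample feed (documentation IP ranges), not a real download.
SAMPLE_BLOCKLIST = """\
# constructed sample, layout: ip#category#comment
203.0.113.10#c2#first entry
198.51.100.7#dropzone#second entry

not-an-ip#c2#malformed line that must be rejected
192.0.2.55#c2#third entry
"""


def parse_watchlist(text, delimiter="#", category_col=2, isbad=True):
    """Return one dict per valid entry with keys value, category, isbad.

    Blank lines, comment lines and rows whose first field is not a valid
    IP address are skipped: the feed is external input, so malformed rows
    are dropped instead of being written into the lookup table.
    """
    rows = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        fields = [f.strip() for f in line.split(delimiter)]
        if not fields[0]:
            continue  # comment line such as "# ..." (assumed convention)
        try:
            value = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            continue  # not an IP address: reject the row
        idx = category_col - 1  # categoryCol assumed to be 1-based
        category = fields[idx] if 0 <= idx < len(fields) else ""
        rows.append({"value": value,
                     "category": category,
                     "isbad": "true" if isbad else "false"})
    return rows


def watchlist_to_csv(text, **kwargs):
    """Render the parsed entries as CSV text with a header row, the layout
    that '| outputlookup amada.csv' would produce for these fields."""
    rows = parse_watchlist(text, **kwargs)
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=["value", "category", "isbad"],
                            lineterminator="\n")
    writer.writeheader()
    writer.writerows(rows)
    return buf.getvalue()


def write_lookup(text, path, **kwargs):
    """Write the CSV to disk, e.g. under an app's lookups/ directory."""
    with open(path, "w", newline="") as fh:
        fh.write(watchlist_to_csv(text, **kwargs))


if __name__ == "__main__":
    print(watchlist_to_csv(SAMPLE_BLOCKLIST), end="")
```

Because this is plain Python it runs from bash, unlike outputlookup; the CSV it writes can be placed in an app's lookups directory or loaded with inputlookup inside a Splunk search. The per-row IP validation is deliberate: a watchlist downloaded from a third party should be checked before it becomes a lookup that searches match against.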

stehlampe69
Explorer

Hello again,

first: Thank you dshpritz, you've helped me to figure out what I'm missing.
second: For all who have the same HowTo and come to this post because the command didn't work.
The command getwatchlist http://amada.abuse.ch/blocklist.php?download=ipblocklist delimiter=# categoryCol=2 isbad=true isn't getting anything back, because the URI has changed. The new URI is http://www.abuse.ch/zeustracker/blocklist.php?download=ipblocklist. There is also a DNS version of the list. Have a look: https://zeustracker.abuse.ch/blocklist.php

Happy splunking 🙂


dshpritz
SplunkTrust

Hey Peter,

From what you have said ("bash: outputlookup: Command not found."), it sounds like you are running getwatchlist from the shell. Getwatchlist will do this, but Splunk commands will not work. The command should be run from the Splunk web interface, via the search bar.

Here are some links that might help:

http://blogs.splunk.com/2011/08/16/getwatchlist-getting-watchlists-into-splunk-quickly-and-easily-wi...

and

http://blogs.splunk.com/2011/09/08/anonymous-proxies/

HTH,

Dave
