Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

outputlookup command not found

stehlampe69
Explorer
‎01-28-2013 07:44 AM

Hello,

eventually I'm missing something, but I've searched quite a lot.
My Problem is that I cannot use outputlookup because I get the following error:
bash: outputlookup: Command not found.
I've tried to get a watchlist with the following command:
"getwatchlist http://amada.abuse.ch/blocklist.php?download=ipblocklist delimiter=# categoryCol=2 isbad=true | outputlookup amada.csv"
The getwatchlist doesn't work like this, but with a workaround (python getwatchlist.py ...)I get the data. But the real problem is that the outputlookup isn't recognized.
If I type it in the search filed in the Splunk Web Frontend it works, but not in the console where I have to run the other command (getwatchlist).
Am I missing something to get this working on console? Any help would be nice.

Thanks in advance

Peter

Tags (1)
0 Karma
Reply

stehlampe69
Explorer
‎02-01-2013 12:39 AM

Hello again,

first: Thank you dshpritz, you've helped me to figure out what I'm missing.
second: For all who have the same HowTo and come to this post because the command didn't work.
The Command getwatchlist http://amada.abuse.ch/blocklist.php?download=ipblocklist delimiter=# categoryCol=2 isbad=true isn't getting something back, because the URI has canged. The new URI is http://www.abuse.ch/zeustracker/blocklist.php?download=ipblocklist. There is also a DNS Version of the list. Have a look: https://zeustracker.abuse.ch/blocklist.php

Happy splunking 🙂

0 Karma
Reply

dshpritz
SplunkTrust
SplunkTrust
‎01-28-2013 08:48 AM

Hey Peter,

From what you have said ("bash: outputlookup: Command not found."), it sounds like you are running getwatchlist from the shell. Getwatchlist will do this, but Splunk commands will not work. The command should be run from the Splunk web interface, via the search bar.

Here are some links that might help:

http://blogs.splunk.com/2011/08/16/getwatchlist-getting-watchlists-into-splunk-quickly-and-easily-wi...

and

http://blogs.splunk.com/2011/09/08/anonymous-proxies/

HTH,

Dave

Reply

stehlampe69
Explorer
‎02-01-2013 12:39 AM

Hello again,

first: Thank you dshpritz, you've helped me to figure out what I'm missing.
second: For all who have the same HowTo and come to this post because the command didn't work.
The Command getwatchlist http://amada.abuse.ch/blocklist.php?download=ipblocklist delimiter=# categoryCol=2 isbad=true isn't getting something back, because the URI has canged. The new URI is http://www.abuse.ch/zeustracker/blocklist.php?download=ipblocklist. There is also a DNS Version of the list. Have a look: https://zeustracker.abuse.ch/blocklist.php

Happy splunking 🙂

0 Karma
Reply
Get Updates on the Splunk Community!

Unlock Database Monitoring with Splunk Observability Cloud

  In today’s fast-paced digital landscape, even minor database slowdowns can disrupt user experiences and ...

Purpose in Action: How Splunk Is Helping Power an Inclusive Future for All

At Cisco, purpose isn’t a tagline—it’s a commitment. Cisco’s FY25 Purpose Report outlines how the company is ...

[Upcoming Webinar] Demo Day: Transforming IT Operations with Splunk

Join us for a live Demo Day at the Cisco Store on January 21st 10:00am - 11:00am PST In the fast-paced world ...