Solved: scheduled update of a lookup file.

daktapaal · ‎01-13-2014

Dear Splunkers.
I have a form, where I am loading a drop down, using a lookup file, that searches the top products. I am using.

><![CDATA[|inputlookup top-products.csv]]>

The top-products.csv is a result of outputting the search results of the top products.

I then use one of the products selected in the drop down for creating a search string. All works fine. I now need to make sure I always get the correct and updated set of products in the drop down. This probably requires me to run the search " Search-Product" above, regularly like every day, so that I can get the updated results every day..

Is there a way to schedule a search like :
index = "ssh" | dedup product | table product | outputlookup products-table.csv

on a daily basis or hourly basis?

Dak

aholzer · ‎01-13-2014

Yes. Save your search. Go to Manager > saved searches > edit the saved search related to this. Click the check box labeled "schedule this search", and it'll expand all the options you have available for scheduling a search to run automatically.

Hope this helps.

View solution in original post

aholzer · ‎01-13-2014

Yes. Save your search. Go to Manager > saved searches > edit the saved search related to this. Click the check box labeled "schedule this search", and it'll expand all the options you have available for scheduling a search to run automatically.

Hope this helps.

Ayn · ‎01-13-2014

Converted your answering comment to a proper answer, again.

scheduled update of a lookup file.

Splunk App for Anomaly Detection End of Life Announcment

Aligning Observability Costs with Business Value: Practical Strategies

Mastering Data Pipelines: Unlocking Value with Splunk

Are you a member of the Splunk Community?

scheduled update of a lookup file.

Splunk App for Anomaly Detection End of Life Announcment

Aligning Observability Costs with Business Value: Practical Strategies

Mastering Data Pipelines: Unlocking Value with Splunk