Hello everyone,
I would like to get some help.
I have an LDAP in my organization, containing data of users, their authorizations, date of change, etc.
I have exported a static list containing the data, and I export an updated list every once in a while.
I can't index the data again, since it will cause duplicates.
I made a lookup table and a lookup definition, but when I exported a new list and changed it from the folders in Splunk, my searches didn't work anymore. There was a warning saying it could not find the file and the SID (even though I named it the same as the old file).
It worked again only when I changed the file in the lookup table.
What can I do so when I update the list in the Splunk folders I won't need to change the file in the lookup table?
Is there a way to make it automatic?
I thought of making an automatic lookup, but the whole data I need is inside the lookup table so I have nothing to write in the 'lookup input fields'.
Thank you,
Sabina.