Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

update data / lookup

sabinayousoubuv
New Member
‎02-19-2020 01:45 AM

Hello everyone,
I would like to get some help.

I have a LDAP in my organization, containing data of users, their authorizations, date of change etc..
I have exported a static list containing the data, and I export an updated list every once in a while.

I can't index he data again, since it will cause duplicates.

I made a lookup table and a lookup definition, but when I exported a new list and changed it from the folders in splunk, my searches didn't work anymore. There was a warning saying it could not find the file and the SID ( even though I named it the same as the old file).

It worked again only when I changed the file in the lookup table.

What can I do so when I update the list in the splunk folders I won't need to change the file in the lookup table?
Is there a way to make it automatic?

I thought of making an automatic lookup, but the whole data I need is inside the lookup table so I have nothing to write in the 'lookup input fields'.

Thank you,
Sabina.

0 Karma
Reply
Get Updates on the Splunk Community!

Announcing Scheduled Export GA for Dashboard Studio

We're excited to announce the general availability of Scheduled Export for Dashboard Studio. Starting in ...

Extending Observability Content to Splunk Cloud

Watch Now!   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to leverage ...

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!

What if there was a way you could keep all the metrics data you need while saving on storage costs?This is now ...