×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
bzacher
Engager
Member since: ‎04-16-2012
‎06-05-2020
Community Statistics
Posts 1
Solutions 0
Karma Given 0
Karma Received 1
Member Since ‎04-16-2012
View All

How to reload inputlookup csv file used in a saved...

by in Reporting
‎04-22-2014 07:13 AM
1 Karma
‎04-22-2014 07:13 AM
1 Karma
Hi, i am using serveral saved realitime searches for detecting bad requests on the webservers. To exclude some ip addresses, I saved them in a csv file and included it with the command "inputlookup". For example: source="/var/log/httpd/vhost.log" uri_query="*bad_keyword*" NOT [ | inputlookup www_ip_whitelist.csv] | top limit=100 clientip | search count>10 As I understood the csv file is only readed once, when the search is saved. What should I do, if I have an updated list in the csv file? Now I am disableing and reenable the saved searches. ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-05-2020 02:04 AM
Karma from
View All