Knowledge Management

What is the difference between a standard lookup and an Enterprise Security managed lookup?

pdenorch
Engager

I'm not having any luck finding what the functional differences are between a lookup created in splunk core ( Settings > Lookups > add new) that lives in the ES app context, and a managed lookup created from the content management page ( ES > configure > Content Management > Create New Content ). 

I have created and experimented with both and I can't find any functional difference. The documentation describes how to create managed lookups but I'm not finding anything on what the point is. 

Labels (1)
0 Karma
1 Solution

starcher
SplunkTrust
SplunkTrust

All managed means is you can edit the lookup with the  UI editor in ES. As long as it’s not too large. 

View solution in original post

gcusello
Esteemed Legend

Hi @pdenorch,

they are both lookups that you can edit using the Lookup Editor App and/or use in your searches, inside and outside ES.

The only difference is that the ES Managed Lookups are part of ES, so the lookup itself and the generating searches are inside ES and you can enable or disable inside ES instead using the Settings menu.

Ciao.

Giuseppe

0 Karma

gcusello
Esteemed Legend

Hi @pdenorch,

good for you, see next time!

Ciao and happy splunking

Giuseppe

P.S.: Karma Points are appreciated 😉

Tags (1)
0 Karma

starcher
SplunkTrust
SplunkTrust

All managed means is you can edit the lookup with the  UI editor in ES. As long as it’s not too large. 

Get Updates on the Splunk Community!

The Splunk Success Framework: Your Guide to Successful Splunk Implementations

Splunk Lantern is a customer success center that provides advice from Splunk experts on valuable data ...

Splunk Training for All: Meet Aspiring Cybersecurity Analyst, Marc Alicea

Splunk Education believes in the value of training and certification in today’s rapidly-changing data-driven ...

Investigate Security and Threat Detection with VirusTotal and Splunk Integration

As security threats and their complexities surge, security analysts deal with increased challenges and ...