Re: Take a backup of lookup file

sarahnazzar · ‎02-15-2023

Hello Splunkers!

I'm trying to take a backup of a lookup file(file.csv) and create a backup file(file_backup.csv) and schedule the search on daily basis, the below query will only run and overwrite the old backup file but I want the scheduled search to run only when the new entries are added to the file.csv.

|inputlookup file.csv |outputlookup file_backup.csv

Also, I want to add 2 new columns (user who edited the lookup and time when it was edited) in the backup lookup

Original file: file.csv

column1 column2

Backup file file_backup.csv generated using the scheduled search should have the below

column1 column2 time user

Any thoughts please?

Cheers!

ITWhisperer · ‎02-15-2023

How do you know which user updated the file and when they did it?

sarahnazzar · ‎02-16-2023

Tried pulling using the rest query but it doesn't give me what they have updated

|rest /servicesNS/-/-/data/lookup-table-files/

I want to have the user and time against the entry they have added in the lookup

ITWhisperer · ‎02-16-2023

If you have no control over the editing process, how are you going to determine who did what and when?

How to take a backup of lookup file?

using Splunk Enterprise

Introducing the Splunk Community Dashboard Challenge!

Wondering How to Build Resiliency in the Cloud?

Updated Data Management and AWS GDI Inventory in Splunk Observability