Splunk Search

Can a lookup be recreated and use the existing lookup definition?

leftinnerouter
Explorer

The scenario is, 

A lookup csv has become unreadable. A lookup definition exists for it.

The lookup was deleted and recreated. The existing definition was not changed.

 

My question is: Can a lookup be recreated and use the existing lookup definition?

Labels (1)
0 Karma
1 Solution

bowesmana
SplunkTrust
SplunkTrust

I lookup definition just points to a CSV on the file system. If that CSV is broken in some way and 'replaced' on the file system, then the new one will be used. It may required the Splunk environment to be refreshed, there may be a caching issue there, but if you are unable to refresh the environment easily, then simply upload the new CSV and change the associated filename in the lookup definition to use the new CSV. In a clustered environment the lookup will need to be propagated between the search heads during replication.

 

 

View solution in original post

0 Karma

bowesmana
SplunkTrust
SplunkTrust

I lookup definition just points to a CSV on the file system. If that CSV is broken in some way and 'replaced' on the file system, then the new one will be used. It may required the Splunk environment to be refreshed, there may be a caching issue there, but if you are unable to refresh the environment easily, then simply upload the new CSV and change the associated filename in the lookup definition to use the new CSV. In a clustered environment the lookup will need to be propagated between the search heads during replication.

 

 

0 Karma
Get Updates on the Splunk Community!

The Splunk Success Framework: Your Guide to Successful Splunk Implementations

Splunk Lantern is a customer success center that provides advice from Splunk experts on valuable data ...

Splunk Training for All: Meet Aspiring Cybersecurity Analyst, Marc Alicea

Splunk Education believes in the value of training and certification in today’s rapidly-changing data-driven ...

Investigate Security and Threat Detection with VirusTotal and Splunk Integration

As security threats and their complexities surge, security analysts deal with increased challenges and ...