Solved: Re: Can we update a lookup CSV file through a URL ...

skhan28 · ‎10-13-2020

I have CSV inventory file which is dynamic and same needs to updated in splunk manually, Is there a way to integrate the URL with splunk to update lookup file

skhan28 · ‎10-14-2020

Thanks @inventsekar for the solution, but we are using splunk cloud which is managed by Splunk so will they allow us to perform these steps in splunk server, Will they grant us access for splunk cloud

View solution in original post

inventsekar · ‎10-13-2020

Hi @skhan28 .. i assume that the inventory file is dynamic and you are manually loading this file to splunk and using it as a lookup file.

to avoid the manual file uploading, you can create the file directly at the lookup files location(thru some script or the application which creates the file can save/send to this path )

$SPLUNK_HOME\etc\apps\<yourApp>\lookups\lookup-name.csv

once its done, you can use the "lookup" or "inputlookup" commands

skhan28 · ‎10-14-2020

Thanks @inventsekar for the solution, but we are using splunk cloud which is managed by Splunk so will they allow us to perform these steps in splunk server, Will they grant us access for splunk cloud

inventsekar · ‎10-14-2020

Hi @skhan28 As per my understanding, Splunk Cloud is managed by Splunk Guys and we can not get access to those systems.

but, you can work with Splunk Support and send the csv files to the correct location(thru some scripting or thru some methods which Splunk Support suggests).

skhan28 · ‎10-14-2020

Sure @inventsekar , Thanks for the solution, I'll check with splunk support for access

Can we update a lookup CSV file through a URL in splunk

lookup

Enhance Security Visibility with Splunk Enterprise Security 7.1 through Threat ...

Troubleshooting the OpenTelemetry Collector

Adoption of Infrastructure Monitoring at Splunk