Re: How to find the related search of lookup file

kteng2024 · ‎12-05-2017

Hi,

Below query is using the CSV, can I please know how the CSV file is being generated like whether is there any query that is generating it , etc.

| inputlookup webaccess.csv | tail 14 | reverse

somesoni2 · ‎12-05-2017

If you've file system access, you can search for that lookup file in $Splunk_home/etc/apps and $Splunk_home/etc/users directory (cd to that directory and grep) on your search head.

If you've sufficient access to run the | rest command, try this (run on your search head)

| rest splunk_server=local /servicesNS/-/-/saved/searches | table title eai:acl.app eai:acl.owner search | where match(search,"outputlookup\s+webaccess\.csv")

kteng2024 · ‎12-05-2017

Thank you so much and for quick reply.. your search worked and it is what i am looking for.

somesoni2 · ‎12-05-2017

Glad to be of help. Don't forget to close the question by accepting the answer that worked for you.

ddrillic · ‎12-05-2017

As @richgalloway said at How to create a lookup table from search

-- Take a look at the outputlookup command at outputlookup

How to find the related search of lookup file

Introducing the Splunk Community Dashboard Challenge!

Get the T-shirt to Prove You Survived Splunk University Bootcamp

Wondering How to Build Resiliency in the Cloud?