Update a lookup file via REST

Damien_Dallimor · ‎02-16-2012

I want to be able to update an existing csv lookup file (that resides within the lookups directory of a custom app on a searchhead) by uploading the updated file from the local machine(via a custom widget that uses the REST api)

I see there is a REST endpoint similar to this but requires the the lookup file to be published to a staging area on the Splunk server and doesn't allow you to target the destination app.

ziegfried · ‎02-22-2012

You could add a custom REST endpoint to Splunk that handles the file upload and updates the lookup CSV file.

twinspop · ‎12-10-2013

Did you ever create this functionality? Can you share?

Damien_Dallimor · ‎02-22-2012

Cheers Z... I think that will be the approach.

Ayn · ‎02-20-2012

There's another REST endpoint that seems to be addressing this exact thing: http://docs.splunk.com/Documentation/Splunk/latest/RESTAPI/RESTknowledge#POST_data.2Ftransforms.2Flo...

Ayn · ‎02-20-2012

Hm, true. Sorry!

Damien_Dallimor · ‎02-20-2012

I don't see how this endpoint can be used to update an existing csv file, as in the contents of the existing lookup file.
The endpoint you mentioned is just for updating the lookup definition.

Update a lookup file via REST

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics!

New in Observability Cloud - Explicit Bucket Histograms