Any way to pull data from a custom ServiceNow table and save it permanently without meeting index data retention policies?

nmohammed
Contributor

We have a custom table in ServiceNow which just stores data for the Firewall NAT mappings. I added an input in the ServiceNow app to pull data from this table. It was working fine, but since Splunk stores data based on time, it met our retention policies defined for the ServiceNow index and deleted all the data.

What is the best possible way to keep this data stored forever? It is a small set of records in that table and we want to pull it and save it in Splunk without deleting it due to index data retention policies.

Name Source IP Target IP
(NAT) xxx.xxx.xxx.200 xx.xxx.xx.xxx

0 Karma

xpac
SplunkTrust

Build a search that returns the data in a format that is good for you. Append | outputlookup your-lookup.csv to the search, which should write the results to a lookup with that name. The data can then later be used as any other lookup with the | lookup and | inputlookup commands.

0 Karma

ssadanala1
Contributor

As mentioned, as it is a small set of data, the ideal way is to save it as a lookup, which won't expire 🙂

Happy Splunking !!

0 Karma

nmohammed
Contributor

Thanks ssadanala1.

Can you please guide me on how to pull that data and save it as a lookup?

0 Karma
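A sketch of the `outputlookup` approach from xpac's answer, added here as an example and not taken from any poster. The index and sourcetype placeholders, the field names `name`, `source_ip` and `target_ip`, and the file name `nat_mappings.csv` are assumptions to replace with your own values.

```spl
index=<your_servicenow_index> sourcetype=<your_custom_table_sourcetype>
| stats latest(_time) as last_seen by name, source_ip, target_ip
| inputlookup append=true nat_mappings.csv
| stats max(last_seen) as last_seen by name, source_ip, target_ip
| outputlookup override_if_empty=false nat_mappings.csv
```

Run it once without the `inputlookup` line to create the file, then schedule it as shown: merging the existing lookup back in keeps rows whose events have already aged out of the index, and `override_if_empty=false` stops an empty result from replacing the lookup.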