Splunk Search

outputlookup command not found

stehlampe69
Explorer

Hello,

eventually I'm missing something, but I've searched quite a lot.
My problem is that I cannot use outputlookup because I get the following error:
bash: outputlookup: Command not found.
I've tried to get a watchlist with the following command:
"getwatchlist http://amada.abuse.ch/blocklist.php?download=ipblocklist delimiter=# categoryCol=2 isbad=true | outputlookup amada.csv"
The getwatchlist doesn't work like this, but with a workaround (python getwatchlist.py ...) I get the data. But the real problem is that the outputlookup isn't recognized.
If I type it in the search field in the Splunk Web Frontend it works, but not in the console where I have to run the other command (getwatchlist).
Am I missing something to get this working on the console? Any help would be nice.

Thanks in advance

Peter

0 Karma

stehlampe69
Explorer

Hello again,

first: Thank you dshpritz, you've helped me to figure out what I'm missing.
second: For all who have the same HowTo and come to this post because the command didn't work.
The command getwatchlist http://amada.abuse.ch/blocklist.php?download=ipblocklist delimiter=# categoryCol=2 isbad=true isn't getting anything back, because the URI has changed. The new URI is http://www.abuse.ch/zeustracker/blocklist.php?download=ipblocklist. There is also a DNS version of the list. Have a look: https://zeustracker.abuse.ch/blocklist.php

Happy splunking 🙂

0 Karma

dshpritz
SplunkTrust

Hey Peter,

From what you have said ("bash: outputlookup: Command not found."), it sounds like you are running getwatchlist from the shell. Getwatchlist will do this, but Splunk commands will not work. The command should be run from the Splunk web interface, via the search bar.

Here are some links that might help:

http://blogs.splunk.com/2011/08/16/getwatchlist-getting-watchlists-into-splunk-quickly-and-easily-wi...

and

http://blogs.splunk.com/2011/09/08/anonymous-proxies/

HTH,

Dave
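The thread's pipeline (getwatchlist ... delimiter=# categoryCol=2 isbad=true | outputlookup amada.csv) only runs inside a Splunk search; outputlookup is a search command, not a shell binary. As an added example, not code from the thread or from the getwatchlist app, the script below does the equivalent shaping offline: it parses a '#'-delimited blocklist into rows with ip, category and isbad columns and renders them as a header-led CSV that can be dropped into an app's lookups directory. The sample blocklist, its line format (indicator before the delimiter, category in column 2) and the function names are constructed assumptions, not the real abuse.ch feed format.

```python
import csv
import io
import ipaddress

# Constructed sample, modelled on the thread's parameters
# (delimiter=# categoryCol=2). Assumed format: comment lines start with '#',
# data lines carry the indicator in column 1 and a category in column 2.
# This is not the real feed layout.
SAMPLE_BLOCKLIST = """\
# sample blocklist (constructed, not a real feed)
# indicator # category
192.0.2.10 # botnet-cc
198.51.100.7 # malware-drop
203.0.113.5
not an ip # junk
"""


def parse_watchlist(text, delimiter="#", category_col=2, isbad=True):
    """Turn a delimited blocklist into lookup rows.

    Column 1 is the indicator (an IPv4/IPv6 address); category_col is the
    1-based column holding the category, mirroring getwatchlist's categoryCol.
    Comment lines, blank lines and unparsable indicators are skipped so a
    malformed feed line cannot end up as a bogus lookup entry.
    """
    rows = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank or comment line
        cols = [c.strip() for c in line.split(delimiter)]
        try:
            ip = ipaddress.ip_address(cols[0])
        except ValueError:
            continue  # not an address; leave it out of the lookup
        # Missing category column -> empty category rather than an exception.
        category = cols[category_col - 1] if len(cols) >= category_col else ""
        rows.append({
            "ip": str(ip),
            "category": category,
            "isbad": "true" if isbad else "false",
        })
    return rows


def to_lookup_csv(rows):
    """Render rows as CSV with a header row, the shape a Splunk CSV lookup expects."""
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=["ip", "category", "isbad"],
                            lineterminator="\n")
    writer.writeheader()
    writer.writerows(rows)
    return buf.getvalue()


def write_lookup_file(rows, path):
    """Write the lookup CSV to disk, e.g. under an app's lookups/ directory."""
    with open(path, "w", newline="") as fh:
        fh.write(to_lookup_csv(rows))


if __name__ == "__main__":
    parsed = parse_watchlist(SAMPLE_BLOCKLIST)
    print(to_lookup_csv(parsed), end="")
```

Running it prints three rows: the two categorised addresses, the bare address with an empty category, and nothing for the "not an ip" line. To use the resulting file from a search it still needs a lookup definition (a transforms.conf stanza or one created in Splunk Web) pointing at the CSV; the script only produces the file that outputlookup would otherwise have written.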
