Hello,
I have a CURL script that generates a CSV file, and I would like to use that CSV file as a lookup for some searches that we run in Splunk.
The CURL script runs once daily and generates the output file.
My question is, how do I get the lookup table to update automatically whenever a new file is placed in the specified location?
If I define a lookup using the Web GUI, would the lookup table be automatically updated whenever the CSV file is updated?
Also, If the lookup file is generated on one node of a 4 node search head cluster, will it automatically be propagated to all the cluster nodes, or does it need to be manually defined on each node?
Thanks and Regards,
Madan Sudhindra
↧