Hi all,
Is it possible to use _inputlookup_ to pull a list of information from a scripted lookup?
[The documentation][1] for _inputlookup_ seems to suggest this is possible:
> The lookup table can be configured for any lookup type (CSV, external, or KV store)._
But [the documentation][2] for transforms.conf where the scripted input is defined states
> Your external lookup script must take in a partially empty CSV file and output a filled-in CSV file
Which implies that it can't be used with a generating command like inputlookup.
I'm trying to pull in a CSV from a threat intel feed but in a way that would allow me to do so using a scheduled search rather than a scripted input or modular input. Any thoughts on how best to do this if using a scripted input with inputlook isn't possible?
[1]: http://docs.splunk.com/Documentation/Splunk/6.5.2/SearchReference/Inputlookup#Required_arguments
[2]: http://docs.splunk.com/Documentation/Splunk/6.5.2/Knowledge/Configureexternallookups#About_the_external_lookup_script
↧