lookup-editor_scripts
Scripts using the Splunk lookup-editor application endpoint to download, upload and update Splunk lookup content.
Upload lookups - upload_lookups_to_splunk.py
- Simple script using the Splunk lookup-editor application endpoint to upload multiple lookups at once:
Update lookups - update_lookups_from_splunk.py
- Script using the Splunk lookup-editor application endpoint to update part of a lookup or multiple lookups:
Example of using the -p option (can be done with multiple lookups at once)
The lookup we have in the Splunk search app:
Execution of the script (the script asked for input; we pasted the content into the terminal and typed 'ok' to confirm; can be done on multiple lookups at once):
result:
Example of using the -i option (can be done with multiple lookups at once)
The lookup we have in the Splunk search app:
Execution of the script (the script asked for each input; can be done on multiple lookups at once):
result:
Example of merging two CSV files with option -f
(not limited to 2 files; we can merge demo_file_to_merge into all the lookups we want on Splunk):
The lookup we have in the Splunk search app:
The CSV file on our desktop that we want to merge into the lookup test.csv:
Execution of the script to merge both files:
result:
Example of merging three CSV files with option -f:
The lookups we have in the Splunk search app:
The CSV file on our desktop that we want to merge into the lookups test.csv and test2.csv:
Execution of the script to merge the files:
result:
Download lookups - download_lookups_from_splunk.py
- Simple script using the Splunk lookup-editor application endpoint to download lookup(s) from Splunk:
No arguments (uses the default values declared in the script):
with arguments:
[update 2023/05] You can also check out the script at https://github.com/beckyburwell/splunk_rest_upload_lookups, which uses the same endpoint API.