lookup-editor_scripts

Upload lookups - upload_lookups_to_splunk.py

• Simple script using splunk application lookup-editor (renamed Splunk App for Lookup File Editing ) endpoint to upload multiple lookups at once:

Update lookups - update_lookups_from_splunk.py

• script using splunk application lookup-editor endpoint to update part of a lookup or multiple lookups:

Example of using the -p option (can be done with multiple lookups at once)

The lookup we have on splunk search app:

Execution of the script (script asked for input, we paste the content in the terminal and typed 'ok' to confirm (can be done on multiple lookups at once):

result:

---

Example of using the -i option (can be done with multiple lookups at once)

The lookup we have on splunk search app:

Execution of the script (script asked for each input, can be done on multiple lookups at once):

result:

---

Example of merging two csv files with option -f

(not limited to 2 files, we can merge demo_file_to_merge to all the lookups we want on splunk):

The lookup we have on splunk search app:

The csv file on our desktop we want to merge to the lookup test.csv:

Execution of the script to merge both files:

result:

---

Example of merging tree csv files with option -f:

The lookups we have on splunk search app:

The csv file on our desktop we want to merge to the lookup test.csv and test2.csv:

Execution of the script to the files:

result:

Download lookups - download_lookups_from_splunk.py

• Simple script using splunk application lookup-editor endpoint to download lookup(s) from splunk:

no arguments (use default values declared in the script)

with arguments:

[update 2023/05] you can also check out the script https://github.com/beckyburwell/splunk_rest_upload_lookups using the same endpoint API