O'Reilly logo

Implementing Splunk: Big Data Reporting and Development for Operational Intelligence by Vincent Bumgarner

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Writing a scripted lookup to enrich data

We covered CSV lookups fairly extensively in Chapter 6, Extending Search, then touched on them again in Chapter 9, Summary Indexes and CSV Files and Chapter 10, Configuring Splunk. The capabilities built into Splunk are usually sufficient, but sometimes it is necessary to use an external data source or dynamic logic to calculate values. Scripted lookups have the following advantages over commands or CSV lookups:

  • Scripted lookups are only run once per unique lookup value, as opposed to a command, which would run the command for every event
  • The memory requirement of a CSV lookup increases with the size of the CSV file
  • Rapidly changing values can be left in an external system and queried using the scripted lookup ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required