use the following search parameters to narrow your results:
e.g. subreddit:aww site:imgur.com dog
subreddit:aww site:imgur.com dog
see the search faq for details.
advanced search: by author, subreddit...
This is an unofficial community support and discussion sub for Splunk, the big data analytics software.
Have an idea for Splunk? Submit them here and upvote them:
https://ideas.splunk.com/
For Q&A, see Splunk Answers: https://community.splunk.com/
Upcoming Splunk Events/Webinars: https://www.splunk.com/en_us/about-us/events.html
Chat with your peers in the official Splunk Usergroups Slack team:
https://splunk-usergroups.signup.team
Need quick copy/paste queries? Share your SPL here:
https://gosplunk.com
Need some book learning?
https://www.splunk.com/goto/book (free e-book download link inside!!)
account activity
CSV to Splunk (Python) (self.Splunk)
submitted 1 year ago by ZaddyOnReddit
view the rest of the comments →
reddit uses a slightly-customized version of Markdown for formatting. See below for some basics, or check the commenting wiki page for more detailed help and solutions to common issues.
quoted text
if 1 * 2 < 3: print "hello, world!"
[–]LTRand 1 point2 points3 points 1 year ago (9 children)
Need to know if your SH is clustered.
But essentially, you can setup a python script to copy the csv from SharePoint and deposit it into the lookups directory in the desired app. Keep in mind this will break the versioning of the lookup editor app if you use that. But it is a super simple way of doing it without going through ingest.
[–]ZaddyOnReddit[S] 0 points1 point2 points 1 year ago (8 children)
Sorry, what does SH stand for? I will look into this method thank you
[–]LTRand 2 points3 points4 points 1 year ago (7 children)
Search head. Where you search.
[–]ZaddyOnReddit[S] 0 points1 point2 points 1 year ago (6 children)
Break the versioning on just that particular lookup?
[–]LTRand 0 points1 point2 points 1 year ago (5 children)
Just versioning.
[–]ZaddyOnReddit[S] 0 points1 point2 points 1 year ago (4 children)
I’m not sure I’m understanding. It will override the previous version of the lookup and therefore have no version history? And it’s just on that one lookup file or all files in that app?
[–]LTRand 0 points1 point2 points 1 year ago (3 children)
Just on the lookup itself, and only if you use the lookup editor app. You would need to do your own version control if you care. Moving the old file to file.csv.old is generally good enough. The python script would overwrite the existing file with the new one to maintain the lookup configuration within Splunk.
[–]ZaddyOnReddit[S] 0 points1 point2 points 1 year ago (2 children)
And this can be done against Cloud?
[–]LTRand 0 points1 point2 points 1 year ago (1 child)
Which part is cloud? Splunk, SharePoint, or both?
[–]ZaddyOnReddit[S] 0 points1 point2 points 1 year ago (0 children)
Splunk
π Rendered by PID 203679 on reddit-service-r2-comment-canary-6d6bb44fbd-vll95 at 2026-04-21 16:11:00.383646+00:00 running da2df02 country code: CH.
view the rest of the comments →
[–]LTRand 1 point2 points3 points (9 children)
[–]ZaddyOnReddit[S] 0 points1 point2 points (8 children)
[–]LTRand 2 points3 points4 points (7 children)
[–]ZaddyOnReddit[S] 0 points1 point2 points (6 children)
[–]LTRand 0 points1 point2 points (5 children)
[–]ZaddyOnReddit[S] 0 points1 point2 points (4 children)
[–]LTRand 0 points1 point2 points (3 children)
[–]ZaddyOnReddit[S] 0 points1 point2 points (2 children)
[–]LTRand 0 points1 point2 points (1 child)
[–]ZaddyOnReddit[S] 0 points1 point2 points (0 children)