Does it handle lookup-table definitions?

Yes, it includes a specific script to create lookup-table stanzas, which are required for Splunk to recognize uploaded CSV files as functional lookup tables.

Can I use this skill to update existing Splunk lookups?

Yes, the skill supports uploading CSV files which can either create brand new lookups or overwrite existing ones within specific Splunk apps.

Which Splunk apps can I target with these commands?

You can specify any valid Splunk app, such as 'search' or custom technical add-ons, using the --app flag provided in the skill's command structure.

Is it possible to recover a deleted lookup?

Deletion is a high-risk operation. While some environments may have backups, the skill treats deletion as permanent, so use the delete command with caution.

Splunk Lookup Management

Name: Splunk Lookup Management
Author: grandcamel

bygrandcamel

分析と監視

Automates the lifecycle of Splunk CSV lookup files and table definitions via the REST API.

概要

The Splunk Lookup skill empowers Claude to manage data enrichment tables directly within your Splunk environment, streamlining the process of uploading, downloading, and listing CSV lookup files. It handles the creation of necessary lookup-table stanzas (definitions) required for data correlation, making it an essential tool for security analysts and Splunk administrators who need to update threat intelligence lists, user directories, or asset catalogs without manually navigating the Splunk Web UI. By leveraging the Splunk REST API, this skill provides a production-ready framework for maintaining critical enrichment data with high efficiency.

主な機能

Securely delete obsolete lookup files via programmatic commands
0 GitHub stars
Download existing lookup tables for local editing or backup
Automate the creation of lookup-table stanzas and definitions
List and inspect metadata for all lookups within a target app
Upload and overwrite CSV lookup files to specific Splunk apps

ユースケース

Updating threat intelligence or IOC lists in real-time for security monitoring
Synchronizing user identity data or asset inventory for log enrichment
Automating the migration of lookup tables between development and production environments

概要

主な機能

Securely delete obsolete lookup files via programmatic commands
0 GitHub stars
Download existing lookup tables for local editing or backup
Automate the creation of lookup-table stanzas and definitions
List and inspect metadata for all lookups within a target app
Upload and overwrite CSV lookup files to specific Splunk apps

ユースケース

Updating threat intelligence or IOC lists in real-time for security monitoring
Synchronizing user identity data or asset inventory for log enrichment
Automating the migration of lookup tables between development and production environments