Upload CSV Lookup File to Splunk

ww9rivers

Splunk provides CSV lookup file management functions on its web GUI, allowing new CSV files to be added in an app, deleted, or moved between apps.

However, it does not seem to allow the same functions to be performed through API functions.

It's REST API set has endpoints that allow a CSV file already in the staging area to be moved to an app so that it can be used as a lookup table. However, there is no way to upload a file into the staging area, which seems to be a ridiculous restriction -- although I can imagine that Splunk may have legitimate security concerns.

This seems to be a request that others have as well.

How to upload updated lookup CSV to Splunk Cloud using REST API WITHOUT using the UI?

We're heavy SplunkCloud users and have run into a roadblock. We have a lookup CSV file that needs to be updated daily - slowly changing customer

(community.splunk.com)

Creating a REST endpoint to allow csv lookup files to be uploaded/updated?

I would like to create a REST endpoint that will allow me to to automate the uploading and updating of a csv lookup file daily. Is it possible to

(community.splunk.com)

How to upload lookup file using REST to specific app

All, I am trying to manage lookup csv files using REST API. 1) I create the lookup file on the stage folder: : [1755] root@endpoint:~ # ; ls -al

(community.splunk.com)