Data storage in Splunk

Release version: Xanadu

Updated January 15, 2025

1 minute to read

This section outlines how TISC utilizes lookups during the integration within Splunk's Key-Value store for data storage. It details how these lookups are configured and retrieved within Splunk.


Lookup	Lookup Description
`threat_intel_store_lookup_test_instance_test`	Name of the KV lookup to be used for searching the incoming records.
`threat_intel_store_test_instance_test`	Name of the KV store where the data resides.
`inputlookup <lookup_name>" example : \| inputlookup threat_intel_store_lookup_test_instance_test`	Query to lookup records in the KV store.