Prepare for the Splunk Fundamentals 1 Exam. Utilize flashcards and multiple-choice questions, each crafted with hints and explanations. Get exam-ready now!

Practice this question and more.


When integrating external data in Lookups, what is NOT a valid source?

  1. Files on local storage

  2. CSV files

  3. Data from previous searches

  4. Scripts

The correct answer is: Data from previous searches

In the context of integrating external data in Lookups within Splunk, the option that does not represent a valid source is data from previous searches. Lookups are designed to enhance search results by allowing users to attach additional information to their events from external data sources. These sources typically include static files or scripts that can provide additional fields or contextual information. Files on local storage, CSV files, and scripts are all valid sources for Lookups. They can be uploaded and referenced in Splunk to enrich the data being analyzed. However, data from previous searches is inherently transient; it is generated dynamically at search time and not stored in a static format accessible for lookups. Lookups require a stable source of external data, while previous search results do not meet this requirement. Therefore, this option is correctly identified as not a valid source for Lookups.