All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Lookup file 'cisco_ios_messages.csv' has 2 missing fields

_smp_
Builder
‎11-27-2019 06:03 AM

This warning has been polluting my internal logs for a long time:

11-27-2019 13:39:46.280 +0000 WARN IndexedCSV - csv file /opt/splunk/var/run/searchpeers/B5C95237-71AF-4203-AD5C-F88B10308CFC-1574861980/apps/cisco_ios/lookups/cisco_ios_messages.csv has 2 missing fields

Today I finally decided to look at it. Using some filtering in Excel, I found two lines in the cisco_ios_messages.csv lookup file in this app that didn't have all the columns populated:

splunk@splunk:[~/etc/shcluster/apps/cisco_ios/lookups]> grep '""' cisco_ios_messages.csv 
"ZONE","6","ZS_INVALID_MEMBER","Invalid member [dec] [chars]","Invalid member type [dec] [chars] recieved from the API call.",""
"ZONE","6","ZS_UNKNOWN_LIC_FEATURE","[chars]","",""

A bit of googling uncovered this Cisco page Cisco MDS 9000 Family and Nexus 7000 Series NX-OS System Messages Reference. With the information from that page, I fixed the lookup file. Now the internal errors are gone:

"ZONE","6","ZS_INVALID_MEMBER","Invalid member [dec] [chars]","Invalid member type [dec] [chars] recieved from the API call.","No action is required."
"ZONE","6","ZS_UNKNOWN_LIC_FEATURE","[chars]","Zone Server received an event for an known licensing feature: [chars].","No action is required."

Thank you for the app!

Reply

tfechner
Path Finder
‎04-28-2020 10:50 PM

great! thank you

0 Karma
Reply

CarsonZa
Contributor
‎03-18-2020 12:00 PM

i have been looking for this for awhile. Thank you for putting in the leg work.

0 Karma
Reply
Get Updates on the Splunk Community!

Preparing your Splunk Environment for OpenSSL3

The Splunk platform will transition to OpenSSL version 3 in a future release. Actions are required to prepare ...

Unleash Unified Security and Observability with Splunk Cloud Platform

     Now Available on Microsoft AzureThursday, March 27, 2025  |  11AM PST / 2PM EST | Register NowStep boldly ...

Splunk AppDynamics with Cisco Secure Application

Web applications unfortunately present a target rich environment for security vulnerabilities and attacks. ...