All Apps and Add-ons

Script for lookup table 'user_agents' returned error code 1. Results may be incorrect.

rameshlpatel
Communicator

i have userAgent field that i am planning to extract using useragent app. However i am getting below exeception .

error :
Script for lookup table 'user_agents' returned error code 1. Results may be incorrect.

My search query is : index = node | lookup user_agents userAgent

Events in which userAgent field is there :
{"sourceIP":"10.242.193.56","userAgent":"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.125 Safari/537.36","origin":"http://customer.wm.com","payload":{"app":"customer-search","timestamp":"2015-07-31T19:34:29.755Z","l... k"}}

Tags (1)
0 Karma
1 Solution

dshpritz
SplunkTrust
SplunkTrust

Hey Ramesh,

The field that you are performing the lookup on should be named http_user_agent. So you may need to add a rename to your search:

index=node | rename userAgent AS http_user_agent | lookup user_agents http_user_agent

HTH

View solution in original post

dshpritz
SplunkTrust
SplunkTrust

Hey Ramesh,

The field that you are performing the lookup on should be named http_user_agent. So you may need to add a rename to your search:

index=node | rename userAgent AS http_user_agent | lookup user_agents http_user_agent

HTH

rameshlpatel
Communicator

Thanks, its now working.

0 Karma
Get Updates on the Splunk Community!

Fun with Regular Expression - multiples of nine

Fun with Regular Expression - multiples of nineThis challenge was first posted on Slack #regex channel ...

[Live Demo] Watch SOC transformation in action with the reimagined Splunk Enterprise ...

Overwhelmed SOC? Splunk ES Has Your Back Tool sprawl, alert fatigue, and endless context switching are making ...

What’s New & Next in Splunk SOAR

Security teams today are dealing with more alerts, more tools, and more pressure than ever.  Join us on ...