All Apps and Add-ons

Script for lookup table 'user_agents' returned error code 1. Results may be incorrect.

rameshlpatel
Communicator

i have userAgent field that i am planning to extract using useragent app. However i am getting below exeception .

error :
Script for lookup table 'user_agents' returned error code 1. Results may be incorrect.

My search query is : index = node | lookup user_agents userAgent

Events in which userAgent field is there :
{"sourceIP":"10.242.193.56","userAgent":"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.125 Safari/537.36","origin":"http://customer.wm.com","payload":{"app":"customer-search","timestamp":"2015-07-31T19:34:29.755Z","l... k"}}

Tags (1)
0 Karma
1 Solution

dshpritz
SplunkTrust
SplunkTrust

Hey Ramesh,

The field that you are performing the lookup on should be named http_user_agent. So you may need to add a rename to your search:

index=node | rename userAgent AS http_user_agent | lookup user_agents http_user_agent

HTH

View solution in original post

dshpritz
SplunkTrust
SplunkTrust

Hey Ramesh,

The field that you are performing the lookup on should be named http_user_agent. So you may need to add a rename to your search:

index=node | rename userAgent AS http_user_agent | lookup user_agents http_user_agent

HTH

rameshlpatel
Communicator

Thanks, its now working.

0 Karma
Get Updates on the Splunk Community!

Operationalizing TDIR: Building a More Resilient, Scalable SOC

Optimizing SOC workflows with a unified, risk-based approach to Threat Detection, Investigation, and Response ...

Almost Too Eventful Assurance: Part 1

Modern IT and Network teams still struggle with too many alerts and isolating issues before they are notified. ...

Demo Day: Strengthen Your SOC with Splunk Enterprise Security 8.1

Today’s threat landscape is more complex than ever. Security operation centers (SOCs) are overwhelmed with ...