All Apps and Add-ons
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Solved! Jump to solution

Splunk App for *nix missing dropdown.csv

rseagle07
Explorer
‎10-22-2013 08:04 AM

I just installed the Splunk App for *nix (version 5.0.0-182057) on my Indexer/Search Head. I have also configured a deployed server to use the Splunk App for *nix to log using the scripted inputs. If I use the Search & Reporting app with index=os or sourcetype=lastlog, results are displayed.

However, if I try to use the Splunk App for *nix on the Search Head, I get the error message:

The lookup table 'dropdowns.csv' is invalid.
The specified search will not match any events
[subsearch]: The lookup table 'dropdownsLookup' is invalid.

I checked the Search Heads $SPLUNK_HOME and the dropdown.csv file does not exist. Is this file missing from the install package?

Reply
1 Solution
Solved! Jump to solution
Solution

BenjaminWyatt
Communicator
‎10-22-2013 02:19 PM

Ok. In the SA-nix TA, there's a saved search called "__generate_lookup_dropdowns". Try running this manually by copying the search text and running it in the "search" bar of the unix app. That should create your dropdown...

View solution in original post

Reply
Solved! Jump to solution

bshuler_splunk
Splunk Employee
Splunk Employee
‎02-03-2014 02:11 PM

The solution is documented here:

http://docs.splunk.com/Documentation/UnixApp/latest/User/TroubleshoottheSplunkAppforUnixandLinux#The...

The app complains about a missing or
invalid dropdowns.csv

This error occurs when you skip the
first-time configuration screen. To
fix it, configure the app by selecting
"Settings" from the main app menu, and
from the Settings screen, selecting
"Categories."

0 Karma
Reply
Solved! Jump to solution
Solution

BenjaminWyatt
Communicator
‎10-22-2013 02:19 PM

Ok. In the SA-nix TA, there's a saved search called "__generate_lookup_dropdowns". Try running this manually by copying the search text and running it in the "search" bar of the unix app. That should create your dropdown...

Reply
Solved! Jump to solution

BenjaminWyatt
Communicator
‎10-22-2013 01:40 PM

I believe this dropdown should reside in the "SA-nix" app within etc/apps. Can you try checking that app and seeing if the lookup exists (it would be in a sub-directory called "lookups")?

0 Karma
Reply
Solved! Jump to solution

rseagle07
Explorer
‎10-22-2013 02:36 PM

That worked! Thank you.

0 Karma
Reply
Solved! Jump to solution

rseagle07
Explorer
‎10-22-2013 01:53 PM

I checked the lookups directory inside SA-nix, and the dropdown.csv file does not exist. Even doing an:

unzip -l splunk_app_for_nix-5.0.0-182057 | grep dropdown.csv

on the *nix app package yields no results. I believe you are right about the file's location, because the splunk_app_for_nix app has code in appserver/controllers/unixsetup.py:

dropdownsCsv = os.path.join(util.get_apps_dir(), 'SA-nix', 'lookups', 'dropdowns.csv')

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Painting a Clearer Picture: Creating Cross-Domain Visibility with AI Canvas

    Thursday, June 25, 2026  |  11AM PDT / 2PM EDT  Duration: 1 Hour (Includes live Q&A) Register to ...

Analytics Workspace deprecation

As of Splunk Cloud Platform 10.4.2604 and Splunk Enterprise 10.4, Analytics Workspace is now deprecated. ...

Splunk Developer Day Recap: Building, Publishing, and Growing on the Splunk Platform

Splunk Developer Day brought the Splunk developer community together for a practical look at what it means to ...