Knowledge Management
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

search lookup errors

Dmitriy
Explorer
‎08-11-2021 04:52 AM

Hello, when i search from index=alfa_cisco_ice and see the errors:

AutoLookupDriver - Could not load lookup='LOOKUP-cisco_asa_ids_lookup' reason='Error in 'lookup' command: Must specify one or more lookup fields.'

Please help, how too fix this problem? 

And in inspector i see alot of log like 

SearchOperator:kv - Invalid key-value parser, ignoring it, transform_name='cisco_dest_ipv6'.

 

SearchOperator:kv - Invalid key-value parser, ignoring it, transform_name='cisco_fw_connection'

 

Dmitriy_0-1628682532647.png

 

Labels (1)
Labels
Tags (1)
0 Karma
Reply

Dmitriy
Explorer
‎08-11-2021 05:53 AM

i found the first problem Automatic lookups  this 

'LOOKUP-cisco_asa_ids_lookup'

use app TA-alfa_firepower and permited for all app i change permissions for TA-alfa_firepower only. is this good idea?

0 Karma
Reply
Get Updates on the Splunk Community!

Bridging the Gap: Splunk Helps Students Move from Classroom to Career

The Splunk Community is a powerful network of users, educators, and organizations working together to tackle ...

Preparing your Splunk Environment for OpenSSL3

The Splunk platform will transition to OpenSSL version 3 in a future release. Actions are required to prepare ...

Unleash Unified Security and Observability with Splunk Cloud Platform

     Now Available on Microsoft AzureThursday, March 27, 2025  |  11AM PST / 2PM EST | Register NowStep boldly ...