Splunk Enterprise Security
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

App for Enterprise Security error: lookup_expander: Some extra fields were present in the input CSV

jaoui
Path Finder
‎08-12-2013 02:38 PM

The messages at the top of the screen populates with the following error:
lookup_expander: Some extra fields were present in the input CSV

I want to keep the extra fields in my lookup but I don't want my users to see the error message

Any ideas on what I should do?

0 Karma
Reply

jervin_splunk
Splunk Employee
Splunk Employee
‎08-12-2013 09:19 PM

Custom fields in asset and/or identity tables were prohibited by design beginning in Enterprise Security 2.2, which contained performance optimizations for asset and identity correlation.

However, we now have a patch that provides custom field support for Enterprise Security 2.4. To obtain it you should contact Support to open a case. Provide your exact Splunk and app version information, and we should be able to help.

0 Karma
Reply
Get Updates on the Splunk Community!

Take Your Breath Away with Splunk Risk-Based Alerting (RBA)

WATCH NOW!The Splunk Guide to Risk-Based Alerting is here to empower your SOC like never before. Join Haylee ...

SignalFlow: What? Why? How?

What is SignalFlow? Splunk Observability Cloud’s analytics engine, SignalFlow, opens up a world of in-depth ...

Federated Search for Amazon S3 | Key Use Cases to Streamline Compliance Workflows

Modern business operations are supported by data compliance. As regulations evolve, organizations must ...