Error When Using DNSLOOKUP Command

alonsocaio · ‎03-13-2019

I`m trying to run a search using dnslookup.

index=MY_INDEX host=MY_HOST
| lookup dnslookup clienthost as host output clientip as ip_address

I run the search from one of my SH and from my Indexers and It runs successfully. But when the search runs in my other SH, I got the errors below:

[INDEXER_1] Could not find 'external_lookup.py'. It is required for lookup 'dnslookup'.
[INDEXER_1] Streamed search execute failed because: Error in 'lookup' command: Lookups: The lookup table 'dnslookup' does not exist or is not available.
[INDEXER_2] Could not find 'external_lookup.py'. It is required for lookup 'dnslookup'.
[INDEXER_2] Streamed search execute failed because: Error in 'lookup' command: Lookups: The lookup table 'dnslookup' does not exist or is not available.
[INDEXER_3] Could not find 'external_lookup.py'. It is required for lookup 'dnslookup'.
[INDEXER_3] Streamed search execute failed because: Error in 'lookup' command: Lookups: The lookup table 'dnslookup' does not exist or is not available.

All the configuration files in both Search Heads are the same. Does anyone have any tips about this issue?

Error When Using DNSLOOKUP Command

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Automating Threat Operations and Threat Hunting with Recorded Future

Keep the Learning Going with the New Best of .conf Hub

Splunk Community Badges!

Join the Conversation

Error When Using DNSLOOKUP Command

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Automating Threat Operations and Threat Hunting with Recorded Future

Keep the Learning Going with the New Best of .conf Hub

Splunk Community Badges!