Hi Splunkers, we have a SH with Splunk Enterprise Security installed on it. It is a standalone instance that query some indexers clusters. We are going on about configure it and we loaded some .csv file for Asset and identity management.

Once ewe uploaded those files, when we ran a search we got this situation: the search is executed, but erros about inability to load lookups that store merged asset and identity data in Splunk Enterprise Security are collected. Error syntax is the following:

[<indexers listed here>] Could not load lookup=LOOKUP-zu-asset_lookup_by_str-_risk_system
[<indexers listed here>] Could not load lookup=LOOKUP-zu-asset_lookup_by_str-dest
[<indexers listed here>] Could not load lookup=LOOKUP-zu-asset_lookup_by_str-dvc
[<indexers listed here>] Could not load lookup=LOOKUP-zu-asset_lookup_by_str-src
[<indexers listed here>] Could not load lookup=LOOKUP-zv-asset_lookup_by_cidr-_risk_system
[<indexers listed here>] Could not load lookup=LOOKUP-zv-asset_lookup_by_cidr-dest
[<indexers listed here>] Could not load lookup=LOOKUP-zv-asset_lookup_by_cidr-dvc
[<indexers listed here>] Could not load lookup=LOOKUP-zv-asset_lookup_by_cidr-src

First think I thought: ok, this is probably a permission issue. BTW, even when I execute the search with admin user that loaded .csv in assent and identity inventory, I got the same error. 
I can add that we modified some OOT DM, to add some fields needed by our SOC.

What could be the root cause?