Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Distributed Search and Lookups

ruisantos
Path Finder
‎05-13-2010 03:07 PM

Hi,

I'm getting an error on my Search Head when browsing for content related to some LOOKUP directives I have in my apps.

The LOOKUP directives were copied from one of the search peers were they are working.

Currently my problems are: - I'm getting an error stating that this lookup does not exist on one of the search peers (true, because that search peer does not required them) - the LOOKUP directives are not working on the search head.

Any ideas on how this can be solved?

0 Karma
Reply

Stephen_Sorkin
Splunk Employee
Splunk Employee
‎06-04-2010 09:07 PM

Splunk should automatically move lookup related files to the search peers from the search head. Is this a script-based lookup? If so, there are some intricacies in getting these to work in distributed, since they may land in a different-than-expected directory.

Could you share your configuration and the general mechanism of operation for your lookup?

0 Karma
Reply

gfriedmann
Communicator
‎06-23-2011 03:16 PM

What are the intricacies for a script based lookup in a distributed environment? For example, dnslookup.

0 Karma
Reply
Get Updates on the Splunk Community!

Introducing the Splunk Community Dashboard Challenge!

Welcome to Splunk Community Dashboard Challenge! This is your chance to showcase your skills in creating ...

Built-in Service Level Objectives Management to Bridge the Gap Between Service & ...

Wednesday, May 29, 2024  |  11AM PST / 2PM ESTRegister now and join us to learn more about how you can ...

Get Your Exclusive Splunk Certified Cybersecurity Defense Engineer Certification at ...

We’re excited to announce a new Splunk certification exam being released at .conf24! If you’re headed to Vegas ...