Splunk Search

Error in 'inputlookup' command

terryloar
Path Finder

I get the following error:

"Error in 'inputlookup' command: This command must be the first command of a search."

FOR

source="/home/loart/dev/Splunk/Test_Logs/nepoc_access_small.log" | inputlookup month_year.csv

AND

source="/home/loart/dev/Splunk/Test_Logs/nepoc_access_small.log" | inputlookup month_year

However, inputlookup is indeed the first command, month_year.csv is defined, and month_year is a valid lookup.

Tags (1)

Drainy
Champion

To use inputlookup it must be the first command, e.g.

| inputlookup blah.csv

To use it later in a search you use it like so;

sourcetype=blah | inputlookup append=t blah.csv
Get Updates on the Splunk Community!

See just what you’ve been missing | Observability tracks at Splunk University

Looking to sharpen your observability skills so you can better understand how to collect and analyze data from ...

Weezer at .conf25? Say it ain’t so!

Hello Splunkers, The countdown to .conf25 is on-and we've just turned up the volume! We're thrilled to ...

How SC4S Makes Suricata Logs Ingestion Simple

Network security monitoring has become increasingly critical for organizations of all sizes. Splunk has ...