Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Streamed Search Execute Failed Because: Error in 'lookup' command

JoshuaJJ
Path Finder
‎03-20-2024 10:04 AM

Good morning, 

I am having issues with admon and running into this error: 

Streamed Search Execute Failed Because: Error in 'lookup' command: Script execution failed for external search command '/opt/splunk/var/run/searchpeers/B3E####/apps/Splunk_TA_Windows/bin/user_account_control_property.py'..

Transforms on indexer 

#########Active Directory ##########

[user_account_control_property]

external_cmd = user_account_control_property.py userAccountControl userAccountPropertyFlad

external_type = python

field_list = userAccountControl, userAccountPropertyFlag

python.version = python3 

 

Script is located within the bin directory of the App .../bin/user_account_control_property

The error is happening when I run this search      index=test source=ActiveDirectory

I have an app created called ADMON on the deployment server which is being deployed to my primary domain controllers. At first, I saw a ton of sync data, after that it was erroring out with the above error message.

 

0 Karma
Reply

marnall
Motivator
‎03-20-2024 02:43 PM

At first glance it seems your field/argument "userAccountPropertyFlag" ends with a 'd' character when passed to the script: "userAccountPropertyFlad"

 

If that doesn't fix it, you may be able to find more informational errors by searching in the internal error logs relating to this script:

index=_internal user_account_control_property.py log_level=ERROR

 

0 Karma
Reply
Get Updates on the Splunk Community!

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

  🚀 Your data just got a serious AI upgrade — are you ready? Say hello to the Agentic Era with the ...

Feel the Splunk Love: Real Stories from Real Customers

Hello Splunk Community,    What’s the best part of hearing how our customers use Splunk? Easy: the positive ...

Data Management Digest – November 2025

  Welcome to the inaugural edition of Data Management Digest! As your trusted partner in data innovation, the ...