Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Streamed Search Execute Failed Because: Error in 'lookup' command

JoshuaJJ
Path Finder
‎03-20-2024 10:04 AM

Good morning, 

I am having issues with admon and running into this error: 

Streamed Search Execute Failed Because: Error in 'lookup' command: Script execution failed for external search command '/opt/splunk/var/run/searchpeers/B3E####/apps/Splunk_TA_Windows/bin/user_account_control_property.py'..

Transforms on indexer 

#########Active Directory ##########

[user_account_control_property]

external_cmd = user_account_control_property.py userAccountControl userAccountPropertyFlad

external_type = python

field_list = userAccountControl, userAccountPropertyFlag

python.version = python3 

 

Script is located within the bin directory of the App .../bin/user_account_control_property

The error is happening when I run this search      index=test source=ActiveDirectory

I have an app created called ADMON on the deployment server which is being deployed to my primary domain controllers. At first, I saw a ton of sync data, after that it was erroring out with the above error message.

 

0 Karma
Reply

marnall
Motivator
‎03-20-2024 02:43 PM

At first glance it seems your field/argument "userAccountPropertyFlag" ends with a 'd' character when passed to the script: "userAccountPropertyFlad"

 

If that doesn't fix it, you may be able to find more informational errors by searching in the internal error logs relating to this script:

index=_internal user_account_control_property.py log_level=ERROR

 

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

It’s Monday morning, and your phone is buzzing with alert escalations – your customer-facing portal is running ...

What’s New in Splunk Observability – September 2025

What's NewWe are excited to announce the latest enhancements to Splunk Observability, designed to help ITOps ...

Fun with Regular Expression - multiples of nine

Fun with Regular Expression - multiples of nineThis challenge was first posted on Slack #regex channel ...