Splunk Search

Why am I getting "The lookup table 'dropdownsLookup' does not exist." errors after every search?

appzen
Path Finder

Every time I do a search, the search results are successful but I get these prompts atop of my search results, each with an orange triangle icon with an exclamation is:

Info.csv being bloated by "lookup" log messages . Will not log additional errors. Refer search.log
The limit has been reached for log messages in info.csv. 1 messages have not been written to info.csv. Please refer search.log for these messages or limits.conf to configure this limit.
The lookup table 'dropdownsLookup' does not exist. It is referenced by configuration '(?i)source::....zip(.\d+)?'.
The lookup table 'dropdownsLookup' does not exist. It is referenced by configuration 'ActiveDirectory'.
The lookup table 'dropdownsLookup' does not exist. It is referenced by configuration 'BoxAppForSplunk_controller-too_small'.
The lookup table 'dropdownsLookup' does not exist. It is referenced by configuration 'Linux:SELinuxConfig'.
The lookup table 'dropdownsLookup' does not exist. It is referenced by configuration 'PerformanceMonitor'.
The lookup table 'dropdownsLookup' does not exist. It is referenced by configuration 'Splunk_TA_aws-RestEndpoints-account-list-too_small'.
The lookup table 'dropdownsLookup' does not exist. It is referenced by configuration 'WinNetMonMk'.
The lookup table 'dropdownsLookup' does not exist. It is referenced by configuration 'WinPrintMon'.
The lookup table 'dropdownsLookup' does not exist. It is referenced by configuration 'WinRegistry'.
The lookup table 'dropdownsLookup' does not exist. It is referenced by configuration 'WinWinHostMon'.
The lookup table 'dropdownsLookup' does not exist. It is referenced by configuration '__singleline'.
The lookup table 'dropdownsLookup' does not exist. It is referenced by configuration '_json'.
The lookup table 'dropdownsLookup' does not exist. It is referenced by configuration 'access_combined'.
The lookup table 'dropdownsLookup' does not exist. It is referenced by configuration 'access_combined_wcookie'.
The lookup table 'dropdownsLookup' does not exist. It is referenced by configuration 'access_common'.
The lookup table 'dropdownsLookup' does not exist. It is referenced by configuration 'aix_secure'.
The lookup table 'dropdownsLookup' does not exist. It is referenced by configuration 'anaconda'.
The lookup table 'dropdownsLookup' does not exist. It is referenced by configuration 'anaconda_syslog'.
The lookup table 'dropdownsLookup' does not exist. It is referenced by configuration 'apache_error'.
The lookup table 'dropdownsLookup' does not exist. It is referenced by configuration 'asterisk_cdr'.

I don't remember activating anything from another app. I did download the Splunk App for Unix and Linux, but it's disabled at the moment. That was the only thing I can think of that I changed. How do I get rid of this error? Is there another app that I need to disable?

Tags (3)

schultet
Path Finder

I too and getting these messages now.

•The limit has been reached for log messages in info.csv. 16 messages have not been written to info.csv. Please refer to search.log for these messages or limits.conf to configure this limit.
•The lookup table 'MSADGroupType' does not exist. It is referenced by configuration 'source::*:Security'.
•The lookup table 'MSADGroupType' does not exist. It is referenced by configuration 'source::WinEventLog:Security|host::13TH|WinEventLog:Security'.
•The lookup table 'MSADGroupType' does not exist. It is referenced by configuration 'source::WinEventLog:Security|host::43rd|WinEventLog:Security'.
•The lookup table 'MSADGroupType' does not exist. It is referenced by configuration 'source::WinEventLog:Security|host::CO|WinEventLog:Security'.
•The lookup table 'MSADGroupType' does not exist. It is referenced by configuration 'source::WinEventLog:Security|host::HP|WinEventLog:Security'.
•The lookup table 'MSADGroupType' does not exist. It is referenced by configuration 'source::WinEventLog:Security|host::Hypnos|WinEventLog:Security'.
•The lookup table 'MSADGroupType' does not exist. It is referenced by configuration 'source::WinEventLog:Security|host::LC|WinEventLog:Security'.
•The lookup table 'MSADGroupType' does not exist. It is referenced by configuration 'source::WinEventLog:Security|host::ND|WinEventLog:Security'.
•The lookup table 'MSADGroupType' does not exist. It is referenced by configuration 'source::WinEventLog:Security|host::OC|WinEventLog:Security'.
•The lookup table 'MSADGroupType' does not exist. It is referenced by configuration 'source::WinEventLog:Security|host::PROTEUS|WinEventLog:Security'.
•The lookup table 'MSADGroupType' does not exist. It is referenced by configuration 'source::WinEventLog:Security|host::Penia|WinEventLog:Security'.
•The lookup table 'MSADGroupType' does not exist. It is referenced by configuration 'source::WinEventLog:Security|host::SS|WinEventLog:Security'.
•The lookup table 'MSADGroupType' does not exist. It is referenced by configuration 'source::WinEventLog:Security|host::ST|WinEventLog:Security'.
•The lookup table 'endpoint_change_object_category_lookup' does not exist. It is referenced by configuration 'WinRegistry'.
•The lookup table 'endpoint_change_object_category_lookup' does not exist. It is referenced by configuration 'fs_notification'.
•The lookup table 'endpoint_change_status_lookup' does not exist. It is referenced by configuration 'WinRegistry'.
•The lookup table 'endpoint_change_status_lookup' does not exist. It is referenced by configuration 'fs_notification'.
•The lookup table 'endpoint_change_user_type_lookup' does not exist. It is referenced by configuration 'WinRegistry'.
•The lookup table 'endpoint_change_vendor_action_lookup' does not exist. It is referenced by configuration 'WinRegistry'.
•The lookup table 'endpoint_change_vendor_action_lookup' does not exist. It is referenced by configuration 'fs_notification'.
•The lookup table 'fs_notification_change_type_lookup' does not exist. It is referenced by configuration 'fs_notification'.

0 Karma

schultet
Path Finder

I have a single server SH and Indexer

0 Karma

russellliss
Path Finder

The Splunk App for Unix also installs "SA-nix" and "Splunk_TA_nix". Remove these as well, and your error should go away.

0 Karma

awilliams_splun
Splunk Employee
Splunk Employee

Are you getting this error in a SH cluster? I've noticed this error myself in my test environment. I'm using a deployer server to push updates to my SHC and have noticed that the dropdowns.csv file gets removed. If I redeploy the apps to the SHC the file returns and the errors go away.

0 Karma

appzen
Path Finder

What do you mean by SH cluster?

0 Karma

russellliss
Path Finder

Search Head, one or more in a cluster. I am getting this error myself, also after installing the Splunk App for Unix and Linux.

0 Karma
Get Updates on the Splunk Community!

Maximize the Value from Microsoft Defender with Splunk

 Watch NowJoin Splunk and Sens Consulting for this Security Edition Tech TalkWho should attend:  Security ...

This Week's Community Digest - Splunk Community Happenings [6.27.22]

Get the latest news and updates from the Splunk Community here! News From Splunk Answers ✍️ Splunk Answers is ...

Reminder! Splunk Love Promo: $25 Visa Gift Card for Your Honest SOAR Review With ...

We recently launched our first Splunk Love Special, and it's gone phenomenally well, so we're doing it again, ...