Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Why am I getting "The lookup table 'dropdownsLookup' does not exist." errors after every search?

appzen
Path Finder
‎01-12-2015 02:43 PM

Every time I do a search, the search results are successful but I get these prompts atop of my search results, each with an orange triangle icon with an exclamation is:

Info.csv being bloated by "lookup" log messages . Will not log additional errors. Refer search.log
The limit has been reached for log messages in info.csv. 1 messages have not been written to info.csv. Please refer search.log for these messages or limits.conf to configure this limit.
The lookup table 'dropdownsLookup' does not exist. It is referenced by configuration '(?i)source::....zip(.\d+)?'.
The lookup table 'dropdownsLookup' does not exist. It is referenced by configuration 'ActiveDirectory'.
The lookup table 'dropdownsLookup' does not exist. It is referenced by configuration 'BoxAppForSplunk_controller-too_small'.
The lookup table 'dropdownsLookup' does not exist. It is referenced by configuration 'Linux:SELinuxConfig'.
The lookup table 'dropdownsLookup' does not exist. It is referenced by configuration 'PerformanceMonitor'.
The lookup table 'dropdownsLookup' does not exist. It is referenced by configuration 'Splunk_TA_aws-RestEndpoints-account-list-too_small'.
The lookup table 'dropdownsLookup' does not exist. It is referenced by configuration 'WinNetMonMk'.
The lookup table 'dropdownsLookup' does not exist. It is referenced by configuration 'WinPrintMon'.
The lookup table 'dropdownsLookup' does not exist. It is referenced by configuration 'WinRegistry'.
The lookup table 'dropdownsLookup' does not exist. It is referenced by configuration 'WinWinHostMon'.
The lookup table 'dropdownsLookup' does not exist. It is referenced by configuration '__singleline'.
The lookup table 'dropdownsLookup' does not exist. It is referenced by configuration '_json'.
The lookup table 'dropdownsLookup' does not exist. It is referenced by configuration 'access_combined'.
The lookup table 'dropdownsLookup' does not exist. It is referenced by configuration 'access_combined_wcookie'.
The lookup table 'dropdownsLookup' does not exist. It is referenced by configuration 'access_common'.
The lookup table 'dropdownsLookup' does not exist. It is referenced by configuration 'aix_secure'.
The lookup table 'dropdownsLookup' does not exist. It is referenced by configuration 'anaconda'.
The lookup table 'dropdownsLookup' does not exist. It is referenced by configuration 'anaconda_syslog'.
The lookup table 'dropdownsLookup' does not exist. It is referenced by configuration 'apache_error'.
The lookup table 'dropdownsLookup' does not exist. It is referenced by configuration 'asterisk_cdr'.

I don't remember activating anything from another app. I did download the Splunk App for Unix and Linux, but it's disabled at the moment. That was the only thing I can think of that I changed. How do I get rid of this error? Is there another app that I need to disable?

Tags (3)
Reply

schultet
Path Finder
‎10-01-2015 10:54 AM

I too and getting these messages now.

•The limit has been reached for log messages in info.csv. 16 messages have not been written to info.csv. Please refer to search.log for these messages or limits.conf to configure this limit.
•The lookup table 'MSADGroupType' does not exist. It is referenced by configuration 'source::*:Security'.
•The lookup table 'MSADGroupType' does not exist. It is referenced by configuration 'source::WinEventLog:Security|host::13TH|WinEventLog:Security'.
•The lookup table 'MSADGroupType' does not exist. It is referenced by configuration 'source::WinEventLog:Security|host::43rd|WinEventLog:Security'.
•The lookup table 'MSADGroupType' does not exist. It is referenced by configuration 'source::WinEventLog:Security|host::CO|WinEventLog:Security'.
•The lookup table 'MSADGroupType' does not exist. It is referenced by configuration 'source::WinEventLog:Security|host::HP|WinEventLog:Security'.
•The lookup table 'MSADGroupType' does not exist. It is referenced by configuration 'source::WinEventLog:Security|host::Hypnos|WinEventLog:Security'.
•The lookup table 'MSADGroupType' does not exist. It is referenced by configuration 'source::WinEventLog:Security|host::LC|WinEventLog:Security'.
•The lookup table 'MSADGroupType' does not exist. It is referenced by configuration 'source::WinEventLog:Security|host::ND|WinEventLog:Security'.
•The lookup table 'MSADGroupType' does not exist. It is referenced by configuration 'source::WinEventLog:Security|host::OC|WinEventLog:Security'.
•The lookup table 'MSADGroupType' does not exist. It is referenced by configuration 'source::WinEventLog:Security|host::PROTEUS|WinEventLog:Security'.
•The lookup table 'MSADGroupType' does not exist. It is referenced by configuration 'source::WinEventLog:Security|host::Penia|WinEventLog:Security'.
•The lookup table 'MSADGroupType' does not exist. It is referenced by configuration 'source::WinEventLog:Security|host::SS|WinEventLog:Security'.
•The lookup table 'MSADGroupType' does not exist. It is referenced by configuration 'source::WinEventLog:Security|host::ST|WinEventLog:Security'.
•The lookup table 'endpoint_change_object_category_lookup' does not exist. It is referenced by configuration 'WinRegistry'.
•The lookup table 'endpoint_change_object_category_lookup' does not exist. It is referenced by configuration 'fs_notification'.
•The lookup table 'endpoint_change_status_lookup' does not exist. It is referenced by configuration 'WinRegistry'.
•The lookup table 'endpoint_change_status_lookup' does not exist. It is referenced by configuration 'fs_notification'.
•The lookup table 'endpoint_change_user_type_lookup' does not exist. It is referenced by configuration 'WinRegistry'.
•The lookup table 'endpoint_change_vendor_action_lookup' does not exist. It is referenced by configuration 'WinRegistry'.
•The lookup table 'endpoint_change_vendor_action_lookup' does not exist. It is referenced by configuration 'fs_notification'.
•The lookup table 'fs_notification_change_type_lookup' does not exist. It is referenced by configuration 'fs_notification'.

0 Karma
Reply

schultet
Path Finder
‎10-01-2015 11:46 AM

I have a single server SH and Indexer

0 Karma
Reply

russellliss
Path Finder
‎01-21-2015 08:13 AM

The Splunk App for Unix also installs "SA-nix" and "Splunk_TA_nix". Remove these as well, and your error should go away.

0 Karma
Reply

awilliams_splun
Splunk Employee
Splunk Employee
‎01-16-2015 05:27 PM

Are you getting this error in a SH cluster? I've noticed this error myself in my test environment. I'm using a deployer server to push updates to my SHC and have noticed that the dropdowns.csv file gets removed. If I redeploy the apps to the SHC the file returns and the errors go away.

0 Karma
Reply

appzen
Path Finder
‎01-19-2015 12:55 PM

What do you mean by SH cluster?

0 Karma
Reply

russellliss
Path Finder
‎01-21-2015 06:54 AM

Search Head, one or more in a cluster. I am getting this error myself, also after installing the Splunk App for Unix and Linux.

0 Karma
Reply
Get Updates on the Splunk Community!

Developer Spotlight with Paul Stout

Welcome to our very first developer spotlight release series where we'll feature some awesome Splunk ...

Preparing your Splunk Environment for OpenSSL3

The Splunk platform will transition to OpenSSL version 3 in a future release. Actions are required to prepare ...

Deprecation of Splunk Observability Kubernetes “Classic Navigator” UI starting ...

Access to Splunk Observability Kubernetes “Classic Navigator” UI will no longer be available starting January ...