Splunk Search
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Why am I getting "The lookup table 'dropdownsLookup' does not exist." errors after every search?

appzen
Path Finder
‎01-12-2015 02:43 PM

Every time I do a search, the search results are successful but I get these prompts atop of my search results, each with an orange triangle icon with an exclamation is:

Info.csv being bloated by "lookup" log messages . Will not log additional errors. Refer search.log
The limit has been reached for log messages in info.csv. 1 messages have not been written to info.csv. Please refer search.log for these messages or limits.conf to configure this limit.
The lookup table 'dropdownsLookup' does not exist. It is referenced by configuration '(?i)source::....zip(.\d+)?'.
The lookup table 'dropdownsLookup' does not exist. It is referenced by configuration 'ActiveDirectory'.
The lookup table 'dropdownsLookup' does not exist. It is referenced by configuration 'BoxAppForSplunk_controller-too_small'.
The lookup table 'dropdownsLookup' does not exist. It is referenced by configuration 'Linux:SELinuxConfig'.
The lookup table 'dropdownsLookup' does not exist. It is referenced by configuration 'PerformanceMonitor'.
The lookup table 'dropdownsLookup' does not exist. It is referenced by configuration 'Splunk_TA_aws-RestEndpoints-account-list-too_small'.
The lookup table 'dropdownsLookup' does not exist. It is referenced by configuration 'WinNetMonMk'.
The lookup table 'dropdownsLookup' does not exist. It is referenced by configuration 'WinPrintMon'.
The lookup table 'dropdownsLookup' does not exist. It is referenced by configuration 'WinRegistry'.
The lookup table 'dropdownsLookup' does not exist. It is referenced by configuration 'WinWinHostMon'.
The lookup table 'dropdownsLookup' does not exist. It is referenced by configuration '__singleline'.
The lookup table 'dropdownsLookup' does not exist. It is referenced by configuration '_json'.
The lookup table 'dropdownsLookup' does not exist. It is referenced by configuration 'access_combined'.
The lookup table 'dropdownsLookup' does not exist. It is referenced by configuration 'access_combined_wcookie'.
The lookup table 'dropdownsLookup' does not exist. It is referenced by configuration 'access_common'.
The lookup table 'dropdownsLookup' does not exist. It is referenced by configuration 'aix_secure'.
The lookup table 'dropdownsLookup' does not exist. It is referenced by configuration 'anaconda'.
The lookup table 'dropdownsLookup' does not exist. It is referenced by configuration 'anaconda_syslog'.
The lookup table 'dropdownsLookup' does not exist. It is referenced by configuration 'apache_error'.
The lookup table 'dropdownsLookup' does not exist. It is referenced by configuration 'asterisk_cdr'.

I don't remember activating anything from another app. I did download the Splunk App for Unix and Linux, but it's disabled at the moment. That was the only thing I can think of that I changed. How do I get rid of this error? Is there another app that I need to disable?

Tags (3)
Reply

schultet
Path Finder
‎10-01-2015 10:54 AM

I too and getting these messages now.

•The limit has been reached for log messages in info.csv. 16 messages have not been written to info.csv. Please refer to search.log for these messages or limits.conf to configure this limit.
•The lookup table 'MSADGroupType' does not exist. It is referenced by configuration 'source::*:Security'.
•The lookup table 'MSADGroupType' does not exist. It is referenced by configuration 'source::WinEventLog:Security|host::13TH|WinEventLog:Security'.
•The lookup table 'MSADGroupType' does not exist. It is referenced by configuration 'source::WinEventLog:Security|host::43rd|WinEventLog:Security'.
•The lookup table 'MSADGroupType' does not exist. It is referenced by configuration 'source::WinEventLog:Security|host::CO|WinEventLog:Security'.
•The lookup table 'MSADGroupType' does not exist. It is referenced by configuration 'source::WinEventLog:Security|host::HP|WinEventLog:Security'.
•The lookup table 'MSADGroupType' does not exist. It is referenced by configuration 'source::WinEventLog:Security|host::Hypnos|WinEventLog:Security'.
•The lookup table 'MSADGroupType' does not exist. It is referenced by configuration 'source::WinEventLog:Security|host::LC|WinEventLog:Security'.
•The lookup table 'MSADGroupType' does not exist. It is referenced by configuration 'source::WinEventLog:Security|host::ND|WinEventLog:Security'.
•The lookup table 'MSADGroupType' does not exist. It is referenced by configuration 'source::WinEventLog:Security|host::OC|WinEventLog:Security'.
•The lookup table 'MSADGroupType' does not exist. It is referenced by configuration 'source::WinEventLog:Security|host::PROTEUS|WinEventLog:Security'.
•The lookup table 'MSADGroupType' does not exist. It is referenced by configuration 'source::WinEventLog:Security|host::Penia|WinEventLog:Security'.
•The lookup table 'MSADGroupType' does not exist. It is referenced by configuration 'source::WinEventLog:Security|host::SS|WinEventLog:Security'.
•The lookup table 'MSADGroupType' does not exist. It is referenced by configuration 'source::WinEventLog:Security|host::ST|WinEventLog:Security'.
•The lookup table 'endpoint_change_object_category_lookup' does not exist. It is referenced by configuration 'WinRegistry'.
•The lookup table 'endpoint_change_object_category_lookup' does not exist. It is referenced by configuration 'fs_notification'.
•The lookup table 'endpoint_change_status_lookup' does not exist. It is referenced by configuration 'WinRegistry'.
•The lookup table 'endpoint_change_status_lookup' does not exist. It is referenced by configuration 'fs_notification'.
•The lookup table 'endpoint_change_user_type_lookup' does not exist. It is referenced by configuration 'WinRegistry'.
•The lookup table 'endpoint_change_vendor_action_lookup' does not exist. It is referenced by configuration 'WinRegistry'.
•The lookup table 'endpoint_change_vendor_action_lookup' does not exist. It is referenced by configuration 'fs_notification'.
•The lookup table 'fs_notification_change_type_lookup' does not exist. It is referenced by configuration 'fs_notification'.

0 Karma
Reply

schultet
Path Finder
‎10-01-2015 11:46 AM

I have a single server SH and Indexer

0 Karma
Reply

russellliss
Path Finder
‎01-21-2015 08:13 AM

The Splunk App for Unix also installs "SA-nix" and "Splunk_TA_nix". Remove these as well, and your error should go away.

0 Karma
Reply

awilliams_splun
Splunk Employee
Splunk Employee
‎01-16-2015 05:27 PM

Are you getting this error in a SH cluster? I've noticed this error myself in my test environment. I'm using a deployer server to push updates to my SHC and have noticed that the dropdowns.csv file gets removed. If I redeploy the apps to the SHC the file returns and the errors go away.

0 Karma
Reply

appzen
Path Finder
‎01-19-2015 12:55 PM

What do you mean by SH cluster?

0 Karma
Reply

russellliss
Path Finder
‎01-21-2015 06:54 AM

Search Head, one or more in a cluster. I am getting this error myself, also after installing the Splunk App for Unix and Linux.

0 Karma
Reply
Get Updates on the Splunk Community!

Learn Splunk Insider Insights, Do More With Gen AI, & Find 20+ New Use Cases You Can ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Buttercup Games: Further Dashboarding Techniques (Part 7)

This series of blogs assumes you have already completed the Splunk Enterprise Search Tutorial as it uses the ...

Stay Connected: Your Guide to April Tech Talks, Office Hours, and Webinars!

What are Community Office Hours? Community Office Hours is an interactive 60-minute Zoom series where ...
Top