Using the UI, I have defined a lookup table from a static CSV file.
In my case, the key/value pairs of the file are as follows:
oui,vendor
0050.56,VMware
0000.09,XEROX
...
Up to 16148 entries (header included).
It all seems to work fine. Most of the lookups return sane results which I have cared to validate. But for some reason, I am missing some hits. 0050.56 will not match against the lookup table, even though it actually is there:
[root@xyz lookups]# pwd
/opt/splunk/etc/apps/search/lookups
[root@xyz lookups]# grep 0050.56 oui.csv
0050.56,VMware
and even though I have properly extracted its value using the "rex" command.
I don't seem to find any logs of the lookups under Splunk's var/log, and I don't think I have to escape the "." in "0050.56", as the rest of the keys in the lookup table match without problems.
I'd be very thankful if I could get any pointers on this issue. Splunk is awesome when it works, but when it doesn't... it is not all that easy to debug unless you are very involved with its development or community.
Thanks in advance!