Not sure how or if this can be fixed, but iplocation is reporting Germany as the country for datacenter.fiberdc.com.tr (which one might guess is in Turkey). Other GeoIP databases are reporting as Turkey. Any idea how to go about fixing this, or even if it can be fixed? ... View more

I apologize - I'm a Splunk newbie and my Splunk sysadmin won't answer any questions and says the problem isn't with Splunk (I obviously suspect otherwise). I have created a database lookup. The credentials used are verified good. I know that Splunk is able to talk to the database, as it is able to pre-fill the database column names. But every time I try to run a search with the lookup command, it generates two warnings "Script for lookup table 'LOOKUP NAME' returned error code 47. Results may be incorrect." And the same with error code 1. Based on other threads here, I tried running index=_internal sourcetype=dbx_debug severity=ERROR OR severity=FATAL and that returned nothing. Stripping out the severity returned 27 records for the past 15 minutes, all of which look normal. I've created a clone of the database lookup with a CSV, and when I run the same search, but substitute the file system lookup for the database lookup, it works fine. Did I simply mis-configure the database lookup somehow? I know that the table will return >10,000 rows (about 14,700 specifically) - is that the problem? What else can I do to troubleshoot, assuming I don't have access to the Splunk file system? Thanks in advance for your suggestions! ... View more