Hi, I recently came got annoyed of the problem and finally did some investigation. Looks like the error is complaining about the kvstore of minemeldfeeds_lookup as being empty.   The original minemeldfeeds_lookup was trying to get results from sourcetype=pan:minemeld and we don't have a subscription for that. Here's a workaround (referenced here @ https://docs.splunk.com/Documentation/Splunk/8.0.4/SearchReference/Outputlookup) | makeresults | eval name="xyz" | eval token="12345"| outputlookup minemeldfeeds_lookup This will add an entry and we won't have a blank file anymore.   Good luck and keep on splunking.   ... View more