Getting Data In

Network Resolution (DNS) - Could not construct lookups- How to resolve errors?

lznger88_2
Path Finder

Hi All,

I have recently ingested Cisco Umbrella logs into Splunk Cloud (8.1.2) and everything seems to be working fine, expect for the Network Resolution DNS data model. When I try to accelerate the model or pivot, I obtain the following errrors:

1) The search job has failed due to an error. You may be able view the job in the job inspector
 
 
2) Error in 'lookup' command: Could not construct lookup 'cim_dns_reply_code_lookup, reply_code_id, AS, reply_code_id, OUTPUT, reply_code, AS, reply_code'. See search.log for more details.
 
3) Cannot expand lookup field 'action' due to a reference cycle in the lookup configuration. Rewrite the lookup configuration to remove the reference cycle.

 

I reviewed the search.log but don't see anything related to causing the issue. Has anyone experienced or solved this before?

Cheers

Labels (1)
0 Karma

jamesdsteel
Explorer

Just encountered the same error.

Fixed by downloading the CIM app from Splunkbase and extracting the cim_dns_reply_codes2.csv.default file (from Splunk_SA_CIM/lookups/) , saving it as cim_dns_reply_codes2.csv and then uploading it back to the CIM app on our instance.

For some reason the CSV is there in the app as cim_dns_reply_codes2.csv.default which Splunk doesn't seem to recognise as a valid CSV.

Rebuilding the Network_Resolution data model and seems to be working now.

0 Karma
Get Updates on the Splunk Community!

The Splunk Success Framework: Your Guide to Successful Splunk Implementations

Splunk Lantern is a customer success center that provides advice from Splunk experts on valuable data ...

Splunk Training for All: Meet Aspiring Cybersecurity Analyst, Marc Alicea

Splunk Education believes in the value of training and certification in today’s rapidly-changing data-driven ...

Investigate Security and Threat Detection with VirusTotal and Splunk Integration

As security threats and their complexities surge, security analysts deal with increased challenges and ...