Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Distributed Search and Lookups

ruisantos
Path Finder
‎05-13-2010 03:07 PM

Hi,

I'm getting an error on my Search Head when browsing for content related to some LOOKUP directives I have in my apps.

The LOOKUP directives were copied from one of the search peers were they are working.

Currently my problems are: - I'm getting an error stating that this lookup does not exist on one of the search peers (true, because that search peer does not required them) - the LOOKUP directives are not working on the search head.

Any ideas on how this can be solved?

0 Karma
Reply

Stephen_Sorkin
Splunk Employee
Splunk Employee
‎06-04-2010 09:07 PM

Splunk should automatically move lookup related files to the search peers from the search head. Is this a script-based lookup? If so, there are some intricacies in getting these to work in distributed, since they may land in a different-than-expected directory.

Could you share your configuration and the general mechanism of operation for your lookup?

0 Karma
Reply

gfriedmann
Communicator
‎06-23-2011 03:16 PM

What are the intricacies for a script based lookup in a distributed environment? For example, dnslookup.

0 Karma
Reply
Get Updates on the Splunk Community!

Detecting Remote Code Executions With the Splunk Threat Research Team

REGISTER NOWRemote code execution (RCE) vulnerabilities pose a significant risk to organizations. If ...

Observability | Use Synthetic Monitoring for Website Metadata Verification

If you are on Splunk Observability Cloud, you may already have Synthetic Monitoringin your observability ...

More Ways To Control Your Costs With Archived Metrics | Register for Tech Talk

Tuesday, May 14, 2024  |  11AM PT / 2PM ET Register to Attend Join us for this Tech Talk and learn how to ...