Solved: Error in 'lookup' command: The lookup table 'switc...

laiyongmao · ‎12-10-2013

I'm not sure it can, but it is wrong, and I want to know how to solve.

trasforms.conf
[switch_name]
filename = switch_name.csv
[switch_info]
filename = switch_info.csv
[wan_info]
filename = wan.csv

props.conf
[pinginfo]
NO_BINARY_CHECK = 1
pulldown_type = 1
LOOKUP-switch_name = switch_name ip as host OUTPUT locate as name
LOOKUP-switch_info = switch_info host as host
LOOKUP-wan_info = wan_info host as host

Who can tell me how to solve this problem？thanks

lguinn2 · ‎12-10-2013

Assuming that this transforms.conf and props.conf files exist in an app named "myApp", you should find files named

switch_name.csv  
switch_info.csv  
wan.csv

in the directory $SPLUNK_HOME/etc/apps/myApp/lookups
If the files are not there, or cannot be read, you will get this message.

View solution in original post

lguinn2 · ‎12-10-2013

Assuming that this transforms.conf and props.conf files exist in an app named "myApp", you should find files named

switch_name.csv  
switch_info.csv  
wan.csv

in the directory $SPLUNK_HOME/etc/apps/myApp/lookups
If the files are not there, or cannot be read, you will get this message.

laiyongmao · ‎12-10-2013

yeah,i can see it,but it is not work.

[root@localhost lookups]# ls
switch_info.csv switch_name.csv wan.csv
[root@localhost lookups]# vim switch_info.csv
host,name,int,ip
10.3.15.11_TenGigabitEthernet5-4,A,Ten5-4,10.3.15.11
10.3.15.11_TenGigabitEthernet6-4,A,Ten6-4,10.3.15.11
10.3.15.12_TenGigabitEthernet5-4,B,Ten5-4,10.3.15.12
10.3.15.12_TenGigabitEthernet6-4,B,Ten6-4,10.3.15.12

I tried many methods, can not, I am depressed ah.

Error in 'lookup' command: The lookup table 'switch_name' does not exist.

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

They're back! Join the SplunkTrust and MVP at .conf24

Enterprise Security Content Update (ESCU) | New Releases