Splunk Search

Why am I getting "The lookup table 'dropdownsLookup' does not exist." errors after every search?

appzen
Path Finder

Every time I do a search, the search results are successful but I get these prompts atop of my search results, each with an orange triangle icon with an exclamation is:

Info.csv being bloated by "lookup" log messages . Will not log additional errors. Refer search.log
The limit has been reached for log messages in info.csv. 1 messages have not been written to info.csv. Please refer search.log for these messages or limits.conf to configure this limit.
The lookup table 'dropdownsLookup' does not exist. It is referenced by configuration '(?i)source::....zip(.\d+)?'.
The lookup table 'dropdownsLookup' does not exist. It is referenced by configuration 'ActiveDirectory'.
The lookup table 'dropdownsLookup' does not exist. It is referenced by configuration 'BoxAppForSplunk_controller-too_small'.
The lookup table 'dropdownsLookup' does not exist. It is referenced by configuration 'Linux:SELinuxConfig'.
The lookup table 'dropdownsLookup' does not exist. It is referenced by configuration 'PerformanceMonitor'.
The lookup table 'dropdownsLookup' does not exist. It is referenced by configuration 'Splunk_TA_aws-RestEndpoints-account-list-too_small'.
The lookup table 'dropdownsLookup' does not exist. It is referenced by configuration 'WinNetMonMk'.
The lookup table 'dropdownsLookup' does not exist. It is referenced by configuration 'WinPrintMon'.
The lookup table 'dropdownsLookup' does not exist. It is referenced by configuration 'WinRegistry'.
The lookup table 'dropdownsLookup' does not exist. It is referenced by configuration 'WinWinHostMon'.
The lookup table 'dropdownsLookup' does not exist. It is referenced by configuration '__singleline'.
The lookup table 'dropdownsLookup' does not exist. It is referenced by configuration '_json'.
The lookup table 'dropdownsLookup' does not exist. It is referenced by configuration 'access_combined'.
The lookup table 'dropdownsLookup' does not exist. It is referenced by configuration 'access_combined_wcookie'.
The lookup table 'dropdownsLookup' does not exist. It is referenced by configuration 'access_common'.
The lookup table 'dropdownsLookup' does not exist. It is referenced by configuration 'aix_secure'.
The lookup table 'dropdownsLookup' does not exist. It is referenced by configuration 'anaconda'.
The lookup table 'dropdownsLookup' does not exist. It is referenced by configuration 'anaconda_syslog'.
The lookup table 'dropdownsLookup' does not exist. It is referenced by configuration 'apache_error'.
The lookup table 'dropdownsLookup' does not exist. It is referenced by configuration 'asterisk_cdr'.

I don't remember activating anything from another app. I did download the Splunk App for Unix and Linux, but it's disabled at the moment. That was the only thing I can think of that I changed. How do I get rid of this error? Is there another app that I need to disable?

Tags (3)

schultet
Path Finder

I too and getting these messages now.

•The limit has been reached for log messages in info.csv. 16 messages have not been written to info.csv. Please refer to search.log for these messages or limits.conf to configure this limit.
•The lookup table 'MSADGroupType' does not exist. It is referenced by configuration 'source::*:Security'.
•The lookup table 'MSADGroupType' does not exist. It is referenced by configuration 'source::WinEventLog:Security|host::13TH|WinEventLog:Security'.
•The lookup table 'MSADGroupType' does not exist. It is referenced by configuration 'source::WinEventLog:Security|host::43rd|WinEventLog:Security'.
•The lookup table 'MSADGroupType' does not exist. It is referenced by configuration 'source::WinEventLog:Security|host::CO|WinEventLog:Security'.
•The lookup table 'MSADGroupType' does not exist. It is referenced by configuration 'source::WinEventLog:Security|host::HP|WinEventLog:Security'.
•The lookup table 'MSADGroupType' does not exist. It is referenced by configuration 'source::WinEventLog:Security|host::Hypnos|WinEventLog:Security'.
•The lookup table 'MSADGroupType' does not exist. It is referenced by configuration 'source::WinEventLog:Security|host::LC|WinEventLog:Security'.
•The lookup table 'MSADGroupType' does not exist. It is referenced by configuration 'source::WinEventLog:Security|host::ND|WinEventLog:Security'.
•The lookup table 'MSADGroupType' does not exist. It is referenced by configuration 'source::WinEventLog:Security|host::OC|WinEventLog:Security'.
•The lookup table 'MSADGroupType' does not exist. It is referenced by configuration 'source::WinEventLog:Security|host::PROTEUS|WinEventLog:Security'.
•The lookup table 'MSADGroupType' does not exist. It is referenced by configuration 'source::WinEventLog:Security|host::Penia|WinEventLog:Security'.
•The lookup table 'MSADGroupType' does not exist. It is referenced by configuration 'source::WinEventLog:Security|host::SS|WinEventLog:Security'.
•The lookup table 'MSADGroupType' does not exist. It is referenced by configuration 'source::WinEventLog:Security|host::ST|WinEventLog:Security'.
•The lookup table 'endpoint_change_object_category_lookup' does not exist. It is referenced by configuration 'WinRegistry'.
•The lookup table 'endpoint_change_object_category_lookup' does not exist. It is referenced by configuration 'fs_notification'.
•The lookup table 'endpoint_change_status_lookup' does not exist. It is referenced by configuration 'WinRegistry'.
•The lookup table 'endpoint_change_status_lookup' does not exist. It is referenced by configuration 'fs_notification'.
•The lookup table 'endpoint_change_user_type_lookup' does not exist. It is referenced by configuration 'WinRegistry'.
•The lookup table 'endpoint_change_vendor_action_lookup' does not exist. It is referenced by configuration 'WinRegistry'.
•The lookup table 'endpoint_change_vendor_action_lookup' does not exist. It is referenced by configuration 'fs_notification'.
•The lookup table 'fs_notification_change_type_lookup' does not exist. It is referenced by configuration 'fs_notification'.

0 Karma

schultet
Path Finder

I have a single server SH and Indexer

0 Karma

russellliss
Path Finder

The Splunk App for Unix also installs "SA-nix" and "Splunk_TA_nix". Remove these as well, and your error should go away.

0 Karma

awilliams_splun
Splunk Employee
Splunk Employee

Are you getting this error in a SH cluster? I've noticed this error myself in my test environment. I'm using a deployer server to push updates to my SHC and have noticed that the dropdowns.csv file gets removed. If I redeploy the apps to the SHC the file returns and the errors go away.

0 Karma

appzen
Path Finder

What do you mean by SH cluster?

0 Karma

russellliss
Path Finder

Search Head, one or more in a cluster. I am getting this error myself, also after installing the Splunk App for Unix and Linux.

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...