- Apps and Add-ons
- :
- All Apps and Add-ons
- :
- Splunk App for *nix missing dropdown.csv
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I just installed the Splunk App for *nix (version 5.0.0-182057) on my Indexer/Search Head. I have also configured a deployed server to use the Splunk App for *nix to log using the scripted inputs. If I use the Search & Reporting app with index=os or sourcetype=lastlog, results are displayed.
However, if I try to use the Splunk App for *nix on the Search Head, I get the error message:
The lookup table 'dropdowns.csv' is invalid.
The specified search will not match any events
[subsearch]: The lookup table 'dropdownsLookup' is invalid.
I checked the Search Heads $SPLUNK_HOME and the dropdown.csv file does not exist. Is this file missing from the install package?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Ok. In the SA-nix TA, there's a saved search called "__generate_lookup_dropdowns". Try running this manually by copying the search text and running it in the "search" bar of the unix app. That should create your dropdown...
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The solution is documented here:
The app complains about a missing or
invalid dropdowns.csvThis error occurs when you skip the
first-time configuration screen. To
fix it, configure the app by selecting
"Settings" from the main app menu, and
from the Settings screen, selecting
"Categories."
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Ok. In the SA-nix TA, there's a saved search called "__generate_lookup_dropdowns". Try running this manually by copying the search text and running it in the "search" bar of the unix app. That should create your dropdown...
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I believe this dropdown should reside in the "SA-nix" app within etc/apps. Can you try checking that app and seeing if the lookup exists (it would be in a sub-directory called "lookups")?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
That worked! Thank you.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I checked the lookups directory inside SA-nix, and the dropdown.csv file does not exist. Even doing an:
unzip -l splunk_app_for_nix-5.0.0-182057 | grep dropdown.csv
on the *nix app package yields no results. I believe you are right about the file's location, because the splunk_app_for_nix app has code in appserver/controllers/unixsetup.py:
dropdownsCsv = os.path.join(util.get_apps_dir(), 'SA-nix', 'lookups', 'dropdowns.csv')
Detecting Remote Code Executions With the Splunk Threat Research Team
Observability | Use Synthetic Monitoring for Website Metadata Verification
More Ways To Control Your Costs With Archived Metrics | Register for Tech Talk
