Solved: Error in 'lookup' command: The lookup table 'test_...

zliu · ‎04-22-2010

Below is the transforms.conf at $SPLUNK_HOME/etc/local:

[test_lookup]
filename=test.csv

And I uploaded test.csv (a csv file only with headers):time,host,foo in Manager > Data Input > Files & Directories > New > upload a local file. Also I have test.csv in $SPLUNK_HOME/etc/system/lookups.

However, when I run below search, I get "Error in 'lookup' command: The lookup table 'test_lookup' does not exist."

index="_*" | head 1 | lookup test_lookup host OUTPUT foo

Any idea why this is happening? I restarted Splunk after I modified transforms.conf. This is on version 4.1.0.

Thanks!

muebel · ‎04-22-2010

You might find help here

http://answers.splunk.com/questions/1542/issues-with-pci-app-after-4-1-upgrade/1623#1623

I think the problem is that of the new lookup scoping mechanisms added in 4.1. Adding

[lookups]
export=system

to the $splunk_home/etc/system/metadata/local.meta config file should save your day.

View solution in original post

muebel · ‎04-22-2010

You might find help here

http://answers.splunk.com/questions/1542/issues-with-pci-app-after-4-1-upgrade/1623#1623

I think the problem is that of the new lookup scoping mechanisms added in 4.1. Adding

[lookups]
export=system

to the $splunk_home/etc/system/metadata/local.meta config file should save your day.

yannK · ‎07-29-2014

you can also change the permissions from the manager UI for the lookups definitions to "global"

Error in 'lookup' command: The lookup table 'test_lookup' does not exist.

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics!

New in Observability Cloud - Explicit Bucket Histograms