SPLK-1002 • Practice Test 11
Free SPLK-1002 practice test — 15 questions with explanations. Set 11. No signup required.
A Splunk administrator notices that a lookup definition named 'assets' is not returning any results in searches even though the CSV file exists and has data. The lookup definition uses the filename 'assets.csv' and the matching field 'ip' matches the event field 'dest_ip'. The search query 'index=main | lookup assets ip AS dest_ip OUTPUT asset_name' returns no asset_name values. What is the most likely cause?