Error 'Could not find all of the specified lookup ...

srich · ‎04-30-2013

This is a fresh install of Splunk 5. I have satisfied all required dependencies of the Splunk for Cisco ASA app. However, when I select the app, I am getting this error.

Error 'Could not find all of the specified lookup fields in the lookup table.' for conf 'cisco_pix' and lookup table 'err_code_lookup'

There is an answer with the same error but the resolution was a Splunk engineer supplied the missing file. How do I fix this issue?

And I get this error in the Cisco Security Suite app.

Error 'Could not find all of the specified lookup fields in the lookup table.' for conf 'cisco:asa' and lookup table 'cisco_asa_event_codes'

Are they related to a missing app/TA?

tony_alibelli · ‎08-26-2013

hi i have the same issue
i modified the both file event_codes.csv in the two application : Splunk_CiscoSecuritySuite/lookups + Splunk_CiscoFirewalls/lookups
but nothing change

AWDItTech · ‎08-21-2013

Minor issue with eventcode - will need to do some more work to get the 2 versions of file working. - Maybe a rework of TA-cisco_asa required

AWDItTech · ‎08-21-2013

I managed to find a difference between the file event_codes.csv in the (Splunk_CiscoSecuritySuite/lookups + Splunk_CiscoFirewalls/lookups) & the TA-cisco_asa/lookups.

The TA-cisco_asa had the first line as
log_level_desc,log_level,errorcode,event_desc
instead of
log_level_desc,log_level,error_code,event_desc
Problem fixed by copying over the file, or you could edit it

stephensmg · ‎07-18-2013

Same issue for me...Did you ever get this fixed?

Error 'Could not find all of the specified lookup fields in the lookup table.' for conf 'cisco_pix' and lookup table 'err_code_lookup'

Stay Connected: Your Guide to November Tech Talks, Office Hours, and Webinars!

Transform your security operations with Splunk Enterprise Security

Splunk Admins and App Developers | Earn a $35 gift card!