Error 'Could not find all of the specified lookup fields in the lookup table.' for conf 'cisco_pix' and lookup table 'err_code_lookup'

srich
Explorer

This is a fresh install of Splunk 5. I have satisfied all required dependencies of the Splunk for Cisco ASA app. However, when I select the app, I am getting this error.

Error 'Could not find all of the specified lookup fields in the lookup table.' for conf 'cisco_pix' and lookup table 'err_code_lookup'

There is an answer with the same error, but the resolution was that a Splunk engineer supplied the missing file. How do I fix this issue?

And I get this error in the Cisco Security Suite app.

Error 'Could not find all of the specified lookup fields in the lookup table.' for conf 'cisco:asa' and lookup table 'cisco_asa_event_codes'

Are they related to a missing app/TA?

0 Karma

tony_alibelli
New Member

Hi, I have the same issue.
I modified both event_codes.csv files in the two applications: Splunk_CiscoSecuritySuite/lookups + Splunk_CiscoFirewalls/lookups,
but nothing changed.

0 Karma

AWDItTech
New Member

Minor issue with eventcode - will need to do some more work to get the 2 versions of the file working. Maybe a rework of TA-cisco_asa is required.

0 Karma

AWDItTech
New Member

I managed to find a difference between the file event_codes.csv in the (Splunk_CiscoSecuritySuite/lookups + Splunk_CiscoFirewalls/lookups) & the TA-cisco_asa/lookups.

The TA-cisco_asa had the first line as
log_level_desc,log_level,errorcode,event_desc
instead of
log_level_desc,log_level,error_code,event_desc
Problem fixed by copying over the file, or you could edit it.

0 Karma
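
The header mismatch described in the post above can be checked mechanically. This is an added example, not part of the thread or of any Splunk app: it compares the table-side fields named in a props.conf `LOOKUP-<class>` value with a CSV's header row and points out near-miss column names. The lookup name `example_event_codes`, the LOOKUP value and the data row are constructed assumptions; only the two header lines come from the thread.

```python
import csv
import io
import re

def lookup_fields(lookup_value):
    """Split a props.conf LOOKUP-<class> value into (table, table-side field names)."""
    tokens = lookup_value.split()
    table, rest = tokens[0], tokens[1:]
    fields, i = [], 0
    while i < len(rest):
        if rest[i].upper() in ("OUTPUT", "OUTPUTNEW"):
            i += 1
            continue
        fields.append(rest[i])
        # "<table_field> AS <event_field>": the alias lives on the event side, skip it
        i += 3 if i + 1 < len(rest) and rest[i + 1].upper() == "AS" else 1
    return table, fields

def csv_header(csv_text):
    """Return the column names from the first row of a lookup CSV, unmodified."""
    return next(csv.reader(io.StringIO(csv_text)), [])

def _loose(name):
    # Comparison key that ignores case, underscores, spaces and a stray BOM
    return re.sub(r"[^a-z0-9]", "", name.lower())

def missing_fields(lookup_value, csv_text):
    """Map each field the lookup needs but the CSV lacks to a near-miss column, or None."""
    _, wanted = lookup_fields(lookup_value)
    header = csv_header(csv_text)
    near = {_loose(col): col for col in header}
    return {f: near.get(_loose(f)) for f in wanted if f not in header}

# Constructed LOOKUP value (assumption): the field names are taken from the thread's header
LOOKUP_VALUE = "example_event_codes error_code OUTPUT event_desc log_level_desc"
ROW = "Informational,6,000000,constructed sample row\n"  # constructed data row
TA_CSV = "log_level_desc,log_level,errorcode,event_desc\n" + ROW      # header from TA-cisco_asa
SUITE_CSV = "log_level_desc,log_level,error_code,event_desc\n" + ROW  # header from the working copy

if __name__ == "__main__":
    for label, text in (("TA-cisco_asa", TA_CSV), ("working copy", SUITE_CSV)):
        problems = missing_fields(LOOKUP_VALUE, text)
        if not problems:
            print(f"{label}: all lookup fields present")
        for field, near_miss in problems.items():
            hint = f" (header has '{near_miss}')" if near_miss else ""
            print(f"{label}: missing '{field}'{hint}")
```
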

stephensmg
New Member

Same issue for me... Did you ever get this fixed?

0 Karma