All Apps and Add-ons

Error 'Could not find all of the specified lookup fields in the lookup table.' for conf 'cisco_pix' and lookup table 'err_code_lookup'

srich
Explorer

This is a fresh install of Splunk 5. I have satisfied all required dependencies of the Splunk for Cisco ASA app. However, when I select the app, I am getting this error.

Error 'Could not find all of the specified lookup fields in the lookup table.' for conf 'cisco_pix' and lookup table 'err_code_lookup'

There is an answer with the same error but the resolution was a Splunk engineer supplied the missing file. How do I fix this issue?

And I get this error in the Cisco Security Suite app.

Error 'Could not find all of the specified lookup fields in the lookup table.' for conf 'cisco:asa' and lookup table 'cisco_asa_event_codes'

Are they related to a missing app/TA?

Tags (1)
0 Karma

tony_alibelli
New Member

hi i have the same issue
i modified the both file event_codes.csv in the two application : Splunk_CiscoSecuritySuite/lookups + Splunk_CiscoFirewalls/lookups
but nothing change

0 Karma

AWDItTech
New Member

Minor issue with eventcode - will need to do some more work to get the 2 versions of file working. - Maybe a rework of TA-cisco_asa required

0 Karma

AWDItTech
New Member

I managed to find a difference between the file event_codes.csv in the (Splunk_CiscoSecuritySuite/lookups + Splunk_CiscoFirewalls/lookups) & the TA-cisco_asa/lookups.

The TA-cisco_asa had the first line as
log_level_desc,log_level,errorcode,event_desc
instead of
log_level_desc,log_level,error_code,event_desc
Problem fixed by copying over the file, or you could edit it

0 Karma

stephensmg
New Member

Same issue for me...Did you ever get this fixed?

0 Karma
Get Updates on the Splunk Community!

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

If you’ve ever deployed a new database cluster, spun up a caching layer, or added a load balancer, you know it ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Financial fraud isn't slowing down. If anything, it's getting more sophisticated. Account takeovers, credit ...

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

 Are you tired of troubleshooting delays caused by siloed frontend, application, and network data? We've got a ...