All Apps and Add-ons

Error 'Could not find all of the specified lookup fields in the lookup table.' for conf 'cisco_pix' and lookup table 'err_code_lookup'

srich
Explorer

This is a fresh install of Splunk 5. I have satisfied all required dependencies of the Splunk for Cisco ASA app. However, when I select the app, I am getting this error.

Error 'Could not find all of the specified lookup fields in the lookup table.' for conf 'cisco_pix' and lookup table 'err_code_lookup'

There is an answer with the same error but the resolution was a Splunk engineer supplied the missing file. How do I fix this issue?

And I get this error in the Cisco Security Suite app.

Error 'Could not find all of the specified lookup fields in the lookup table.' for conf 'cisco:asa' and lookup table 'cisco_asa_event_codes'

Are they related to a missing app/TA?

Tags (1)
0 Karma

tony_alibelli
New Member

hi i have the same issue
i modified the both file event_codes.csv in the two application : Splunk_CiscoSecuritySuite/lookups + Splunk_CiscoFirewalls/lookups
but nothing change

0 Karma

AWDItTech
New Member

Minor issue with eventcode - will need to do some more work to get the 2 versions of file working. - Maybe a rework of TA-cisco_asa required

0 Karma

AWDItTech
New Member

I managed to find a difference between the file event_codes.csv in the (Splunk_CiscoSecuritySuite/lookups + Splunk_CiscoFirewalls/lookups) & the TA-cisco_asa/lookups.

The TA-cisco_asa had the first line as
log_level_desc,log_level,errorcode,event_desc
instead of
log_level_desc,log_level,error_code,event_desc
Problem fixed by copying over the file, or you could edit it

0 Karma

stephensmg
New Member

Same issue for me...Did you ever get this fixed?

0 Karma
Get Updates on the Splunk Community!

Introducing Splunk Enterprise 9.2

WATCH HERE! Watch this Tech Talk to learn about the latest features and enhancements shipped in the new Splunk ...

Adoption of RUM and APM at Splunk

    Unleash the power of Splunk Observability   Watch Now In this can't miss Tech Talk! The Splunk Growth ...

Routing logs with Splunk OTel Collector for Kubernetes

The Splunk Distribution of the OpenTelemetry (OTel) Collector is a product that provides a way to ingest ...