Splunk version: 7.2.1
Palo Alto App version: 6.1
I am getting the following errors after the upgrade:
Could not load lookup=LOOKUP-minemeldfeeds_dest_lookup
Could not load lookup=LOOKUP-minemeldfeeds_src_lookup
The Splunkbase page for the Palo Alto app says 6.1 is compatible with 7.2... so what gives? How can I clear this error? I have found no answers for this on Splunk Answers or on Google.
Okay, I have found my own answer. This ended up being a KVStore issue. The resolution was to run the following command on my SearchHead:
./splunk migrate migrate-kvstore
Here is the article that helped me to this conclusion:
https://answers.splunk.com/answers/690118/why-is-the-kv-store-process-failing-after-upgrade.html
Also get this in the Palo Alto dashboards:
Error in 'lookup' command: Lookups: Could not construct lookup 'minemeldfeeds_lookup, indicator, AS, client_ip, OUTPUT, value.autofocus_tags, AS, client_autofocus_tags'. See search.log for more details.