All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Reporting and Management for OSSEC: Could not load lookup=LOOKUP-rule_group_lookup

weebkun
New Member
‎08-14-2021 10:27 PM

i'm having trouble indexing and monitoring the alerts.log file from ossec. ive tried manually adding in "/var/ossec/alerts/alerts.log" to the data inputs with source type automatic and index default but with no luck as well. when i try to search in the default search and reporting app, no alerts show up, and when i use the Reporting and Management app for OSSEC this error shows up. ive tried rebuilding the lookup table as well but no luck.

attached are screenshots showing the file data inputs and the result from regenerating the lookup table.

file_inputs.pnginitialize_lookup.pngrebuild_lookup.png

if anyone has any idea on how to properly setup the app please let me know.

thanks

Labels (3)
0 Karma
Reply
Get Updates on the Splunk Community!

Enterprise Security Content Updates (ESCU) - New Releases

In the last month, the Splunk Threat Research Team (STRT) has had 3 releases of new content via the Enterprise ...

Thought Leaders are Validating Your Hard Work and Training Rigor

As a Splunk enthusiast and member of the Splunk Community, you are one of thousands who recognize the value of ...

.conf23 Registration is Now Open!

Time to toss the .conf-etti 🎉 —  .conf23 registration is open!   Join us in Las Vegas July 17-20 for ...