Hi all,

After successfully installing a POC of the App: Splunk App for Microsoft Exchange in my test environment i went ahead and installed and configured this in production.

We run a search head cluster and index cluster, Splunk Version 6.5.2

I have run through the Guided Setup and all looks to be ok.

However, there are several errors i am seeing throughout the various dashboards.

Error 1: Exchange Service Analyzer - Error in 'map': Did not find value for required attribute 'time'.

Error 2: Host Overview - returns data however you see an ! triangle and notified that there are missing lookup tables

[IndexServer1] The lookup table 'hostInformation' does not exist. It is referenced by configuration 'source::...(service|process)...'.
[IndexServer1] The lookup table 'hostInformation' does not exist. It is referenced by configuration 'source::...Perfmon...'.
[IndexServer2] The lookup table 'hostInformation' does not exist. It is referenced by configuration 'source::...(service|process)...'.
[IndexServer2] The lookup table 'hostInformation' does not exist. It is referenced by configuration 'source::...Perfmon...'.

I have built the look ups again, and rebuilt the Data Models but none of this has helped.

Where should the lookup table 'hostInformation' be located? I can only see the 17 default lookups in the app:

Any ideas?