All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Splunk for Palo Alto Networks: Why are we getting multiple "The lookup table...does not exist" errors?

cyrillefranchet
Explorer
‎09-30-2015 03:18 AM

Hello,

We met an issue with the Splunk for Palo Alto Networks app "CSV does not exist".

Splunk works in Windows Server 2012 R2.
alt text

Could you please help us ?

Regards
Rémy

Preview file
1 KB
0 Karma
Reply

woodcock
Esteemed Legend
‎10-01-2015 07:56 PM

Look for a namespace collision problem. Somewhere in your configurations that you wrote/installed before you added the Palo Alto Networks app, you may have created a Knowledge Object with the exact same lookup file name or lookup definition name and given it a "global" permission (scope). If you happened to pick the same name for yours as is being used by PAN, you may be interfering with the chain of KOs within the PAN app.

0 Karma
Reply

bmacias84
Champion
‎10-01-2015 08:17 PM

Possible name collision problem. This is also cause if you are using automatic lookup in which user(s) do not have permission to the csv lookup file. Either upload/ generate a new csv lookup, remove automatic lookup, or change to the permission on the csv to everyone read.

0 Karma
Reply

woodcock
Esteemed Legend
‎10-01-2015 08:29 PM

I cannot see this being the problem because in this case, all of the configuration files in question are pre-packaged in the Palo Alto Networks app, unless some idiot modified permissions after the app was installed.

0 Karma
Reply

maciep
Champion
‎09-30-2015 01:36 PM

Are you running that search outside of the palo alto app? If so, do you get the same results if you run it inside the palo alto app? I'm wondering if maybe the lookups aren't shared globally?

Of course maybe make sure the lookups are actually there too, Settings -> Lookups -> Lookup definitions. Then choose the "Splunk for Palo Alto" app in the dropdown.

0 Karma
Reply
Get Updates on the Splunk Community!

Build Scalable Security While Moving to Cloud - Guide From Clayton Homes

 Clayton Homes faced the increased challenge of strengthening their security posture as they went through ...

Mission Control | Explore the latest release of Splunk Mission Control (2.3)

We’re happy to announce the release of Mission Control 2.3 which includes several new and exciting features ...

Cloud Platform | Migrating your Splunk Cloud deployment to Python 3.7

Python 2.7, the last release of Python 2, reached End of Life back on January 1, 2020. As part of our larger ...