- Apps and Add-ons
- :
- All Apps and Add-ons
- :
- Re: # The lookup table 'oracle_actions' does not e...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
# The lookup table 'oracle_actions' does not exist. It is referenced by configuration 'oracle_syslog'
Oracle Audit Trail installed.
I keep getting below error in my searches
The oracle_actions.cvs can be foud as blow:
[root@CACTI lookups]# ll
total 8
-rw------- 1 root root 4499 Jul 9 11:14 oracle_actions.csv
[root@CACTI lookups]# pwd
/splunk/etc/apps/oracleaudit/lookups
props.conf
[root@CACTI default]# cat props.conf
[syslog]
TRANSFORMS-sourcetype = sourcetype_to_oracle_syslog[oracle_syslog]
EXTRACT-oracle_key_value_pair = (?i)(?<_KEY_1>\S+):[\d+]\s+"(?<_VAL_1>[^"]+)"
LOOKUP-action = oracle_actions ACTION OUTPUT oracle_actionname, oracle_eventtype, oracle_eventclass[oracle_key_value-pair]
transforms.conf
[root@CACTI default]# cat transforms.conf
[sourcetype_to_oracle_syslog]
SOURCE_KEY = _raw
DEST_KEY = MetaData:Sourcetype
REGEX = Audit[\d+]: LENGTH\s+:\s+\'\d+\'\s+ACTION\s+:[\d+]\s+
FORMAT = sourcetype::oracle_syslog[oracle_actions]
filename = oracle_actions.csv
max_matches = 1
min_matches = 1
I read link but it is not for me
How can I solve this issus?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The lookup table 'oracle_actions' does not exist. It is referenced by configuration 'oracle_syslog'.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I got it by myself.
Need change a little.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Manager » Lookups » Lookup table files
Find out "Oracle Audit"
Set oracle_actions.csv "sharing=Global"
I will get it.
On Oracle 10G, you need active audit in DB by yourself.
On Oracle 11G, audit has been actived by default.
Good Luck!
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Xuanyun, I have the same problem as you. Can you tell me how you removed the error you were getting
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Sorry
It may a error of Oracle Audit Trail not Splunk for Orcle Weblogic Server.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thank you anshu! I wait you for a long time. It is that I see a reb row message display "The lookup table 'oracle_actions' does not exist. It is referenced by configuration 'oracle_syslog'." on top when I installed Weblogic apps. How can I do for the red message?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
i've tagged your question with the tag for the app i think you're talking about. this will notify the app's owner of your question.
Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...
.conf24 | Registration Open!
ICYMI - Check out the latest releases of Splunk Edge Processor
