The lookup table 'sonicwall_os_guess' does not exist

ermco
Explorer

I have set up the app and it is receiving data. However, I keep getting an error stating "The lookup table 'sonicwall_os_guess' does not exist. It is referenced by configuration 'dell_ipfix'."

I am running SonicOS Enhanced 5.9.0.6-3o.

0 Karma
1 Solution

jalfrey
Communicator

Please update the app. It should fix the problem.

0 Karma

ermco
Explorer

The update still has the warning, so I uninstalled the app but left the data. I installed the update clean and my data is showing now with no errors. Thank you.

0 Karma

paduka
Path Finder

I also didn't see sonicwall_os_guess in lookup definitions. I also tried adding the sonicwall_os_guess.csv lookup to the list of existing lookups.

Can you suggest any other option that we could try?

Thanks a lot!

Is there a fix that has been applied to the app yet? I also didn't see sonicwall_os_guess in lookup definitions.
I also created the lookup sonicwall_os_guess.csv as suggested by you but I was still not able to fix the error.

Can you please suggest any alternate steps that could get the app running?

Thanks a lot!

0 Karma

ermco
Explorer

I went into the lookup definitions and there was no entry for sonicwall_os_guess.

Also, I've been receiving messages in Splunk stating "received event for unconfigured/disabled/deleted index='sonicwall_summary' with source='source::total_mb' host='host::ERMCO-BS1' sourcetype='sourcetype::stash' (1 missing total)"

I'm not sure if this is related or not.

jalfrey
Communicator

Hi, this is the app developer over at Dell Sonicwall. Sorry for the bug. I have another release that will be going on this week to fix this bug. In the short term you can go to:
settings -> lookups -> lookup definitions -> app context = Dell Sonicwall Analytics -> sonicwall_os_guess -> disable

Or you can put a stub into the lookup file. The file is located at $splunk_install/etc/apps/dsa/lookups/sonicwall_os_guess.csv

src_ip, start_time, os
1.1.1.1, "2014-01-01 01:01", windows