I have set up the app and it is receiving data. However, I keep getting an error stating "The lookup table 'sonicwall_os_guess' does not exist. It is referenced by configuration 'dell_ipfix'."
I am running SonicOS Enhanced 5.9.0.6-3o.
Please update the app. It should fix the problem.
The update still have the warning, so I uninstalled the app but left the data. I installed the update clean and my data is showing now with no errors. Thank you.
I also didn't see sonicwall_os_guess in lookup definitions. I also tried adding the sonicwall_os_guess.csv lookup to the list of existing lookups.
Can you suggest any other option that we could try?
Thanks a lot!,Is there a fix that has been applied to the app yet? I also didn't see sonicwall_os_guess in lookup definitions.
I also created the lookup sonicwall_os_guess.csv as suggested by you but I was still not able to fix the error.
Can you please suggest any alternate steps that could get the app running?
Thanks a lot!
I went into the lookup definitions and there was no entry for sonicwall_os_guess.
Also, I've been receiving messages in splunk stating "received event for unconfigured/disabled/deleted index='sonicwall_summary' with source='source::total_mb' host='host::ERMCO-BS1' sourcetype='sourcetype::stash' (1 missing total)"
I'm not sure if this is related or not.
Hi this is the app developer over at Dell Sonicwall. Sorry for the bug. I have another release that will be going on this week to fix this bug. In the short term you can go to:
settings -> lookups -> lookup definitions -> app context = Dell Sonicwall Analytics -> sonicwall_os_guess -> disable
Or you can put a stub into the lookup file. The file is located $splunk_install/etc/apps/dsa/lookups/sonicwall_os_guess.csv
src_ip, start_time, os
1.1.1.1, "2014-01-01 01:01", windows