All Apps and Add-ons

Why am I receiving lookup error "could not find the specified lookup fields in the lookup table : endpoint_change_status_lookup"?

Communicator

alt text

Hello Splunkers,

I am facing this strange error since the time i have installed Palo Alto Networks App for Splunk. This error is coming to every search in all pre-built and custom apps in Splunk. I tried to figure out why its coming and how to solve this but no luck.

Can anyone please help me get rid of this?

0 Karma
Highlighted

Re: Why am I receiving lookup error "could not find the specified lookup fields in the lookup table : endpoint_change_status_lookup"?

Builder

Hello,

That lookup table (endpointchangestatuslookup) doesn't exist in the PAN App or Add-on. Most likely there is something you've created in a props.conf or transforms.conf that creates a lookup called "endpointchangestatuslookup". This lookup table seems to be missing a field or not exist.

I recommend doing a find across all files in your splunk directory for the lookup table name: endpointchangestatus_lookup

Find where this lookup table is configured and remove it or add the necessary fields that are causing the error.

View solution in original post

0 Karma
Highlighted

Re: Why am I receiving lookup error "could not find the specified lookup fields in the lookup table : endpoint_change_status_lookup"?

Communicator

you are right, this was coming from another app blueliv, we corrected it and its fine now. Thanks @btorresgil for prompt response.

0 Karma