Splunk Enterprise Security
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

ESS error with conf 'oracle' lookup table 'oracle_action_lookup'

xuanyun
Path Finder
‎09-15-2013 11:01 PM

Dear expert:

When I installed ESS, I found a ERROR on the top of splunk's web.

Error 'Could not find all of the specified destination fields in the lookup table.' for conf 'oracle' and lookup table 'oracle_action_lookup'.

I didn't do any change.
How can I solve it?

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

LukeMurphey
Champion
‎09-16-2013 08:57 AM

'oracle_action_lookup' is part of TA-oracle and it is used for converting the action field provided from Oracle to a Common Information Model equivalent.

I cannot figure out why you would see this error because the props.conf entry only looks up one field so is should work:

[oracle]
...
LOOKUP-action_for_oracle_auth = oracle_action_lookup ACTION OUTPUTNEW action

I recommend opening a support case and providing a diag. Support should be able to identify the problem fairly quickly with a diag.

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

LukeMurphey
Champion
‎09-16-2013 08:57 AM

'oracle_action_lookup' is part of TA-oracle and it is used for converting the action field provided from Oracle to a Common Information Model equivalent.

I cannot figure out why you would see this error because the props.conf entry only looks up one field so is should work:

[oracle]
...
LOOKUP-action_for_oracle_auth = oracle_action_lookup ACTION OUTPUTNEW action

I recommend opening a support case and providing a diag. Support should be able to identify the problem fairly quickly with a diag.

0 Karma
Reply
Get Updates on the Splunk Community!

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

You’ve probably heard the latest about AppDynamics joining the Splunk Observability portfolio, deepening our ...

Monitoring Amazon Elastic Kubernetes Service (EKS)

As we’ve seen, integrating Kubernetes environments with Splunk Observability Cloud is a quick and easy way to ...

Cloud Platform & Enterprise: Classic Dashboard Export Feature Deprecation

As of Splunk Cloud Platform 9.3.2408 and Splunk Enterprise 9.4, classic dashboard export features are now ...