Splunk Enterprise Security

Why is the "Continue to app setup page" button in the Splunk App for Enterprise Security setup not working?

jamesvz84
Communicator

I am trying to install Enterprise Security Installer to install ES. When I click the "Continue to app setup page" button, I see the following:

500 Internal Server Error

Return to Splunk home page

View more information about your request (request ID = 55ba88708c91b47dd630) in Search 

This page was linked to from https://localhost:8000/en-US/app/SplunkEnterpriseSecuritySuite/.

When I click the link to view more information, I see this...

7 errors occurred while the search was executing. Therefore, search results might be incomplete. Hide errors.
Info.csv being bloated by "lookup" log messages . Will not log additional errors. Refer search.log
The lookup table 'asset_identity_lookup_default_fields' does not exist. It is referenced by configuration '(?::){0}XmlWinEventLog:*'.
The lookup table 'asset_lookup_by_cidr' does not exist. It is referenced by configuration '(?::){0}XmlWinEventLog:*'.
The lookup table 'asset_lookup_by_cidr' does not exist. It is referenced by configuration '(?::){0}bro_*'.
The lookup table 'asset_lookup_by_str' does not exist. It is referenced by configuration '(?::){0}XmlWinEventLog:*'.
The lookup table 'asset_lookup_by_str' does not exist. It is referenced by configuration '(?::){0}bro_*'.
The lookup table 'identity_lookup_expanded' does not exist. It is referenced by configuration '(?::){0}XmlWinEventLog:*'.

Seems like some lookup tables are missing. However, I thought the installer was supposed to install all needed lookup tables? How can I fix this?

0 Karma

doksu
SplunkTrust

This wouldn't happen to be Splunk 6.1.x? Recent versions of ES require Splunk 6.2.3+.

0 Karma

esix_splunk
Splunk Employee

Is this an upgrade? Or a clean install? On Windows?

0 Karma

jamesvz84
Communicator

Clean install on Windows.

0 Karma