Splunk Search

Missing SSE-data_availability_latency_status.csv in Splunk Security Essentials 3.8.0

Iris_Pi
Path Finder

When navigating to "ESS" -> "Data" -> "Data Availability", will get the following error:
>>>
Error in 'lookup' command: Could not construct lookup 'SSE-data_availability_latency_status.csv, productId'. See search.log for more details.
<<<

I can find the definition of  SSE-data_availability_latency_status in "lookup" -> "lookup definitions". However, it looks the SSE-data_availability_latency_status.csv doesn't exist.
>>>
| inputlookup SSE-data_availability_latency_status.csv --> The lookup table 'SSE-data_availability_latency_status.csv' requires a .csv or KV store lookup definition.
<<<

I'm using Splunk cloud 9.1.2312.102 and ESS 3.8.0.

Thanks for your reply in advance!

 

Labels (1)
0 Karma

deepakc
Builder

In the Gui >  Data > Data availability - Click on the Green Base Line Search Button, that will generate the look up, you can then go back to the Data availability and it should display results.   

0 Karma

Iris_Pi
Path Finder

Thanks much for the reply, it works now!

0 Karma
Get Updates on the Splunk Community!

Technical Workshop Series: Splunk Data Management and SPL2 | Register here!

Hey, Splunk Community! Ready to take your data management skills to the next level? Join us for a 3-part ...

Spotting Financial Fraud in the Haystack: A Guide to Behavioral Analytics with Splunk

In today's digital financial ecosystem, security teams face an unprecedented challenge. The sheer volume of ...

Solve Problems Faster with New, Smarter AI and Integrations in Splunk Observability

Solve Problems Faster with New, Smarter AI and Integrations in Splunk Observability As businesses scale ...