Receiving multiple pop-ups when trying to run a search:
The lookup table 'windows_event_descriptions' does not exist. It is referenced by configuration 'source::(MonitorWare|NTSyslog|Snare|WinEventLog|WMI:WinEventLog)...'.
Added the below stanza in metadata/local.meta also metadata/default.meta
[lookups] export = system
Also, found that the csv "windowseventdescriptions" is not present in the lookups folder of the application.
Do I need to generate a csv? If yes, what fields would the present in the csv?
This is an automatic lookup, so how would Splunk create a automatic lookup?
The lookup table 'windowseventdescriptions' does not exist. It is referenced by configuration 'source::(MonitorWare|NTSyslog|Snare|WinEventLog|WMI:WinEventLog)...
Have the same issue.
Hi himapate, I believe the issue is that you need to make the lookup in question available. This seems similar to a previous question : https://answers.splunk.com/answers/298992/how-do-you-resolve-the-error-the-lookup-table-wind.html
The splunk app for windows infrastructure can be found here : https://splunkbase.splunk.com/app/1680/
Installing the app or otherwise extracting the windowseventdescriptions.csv should resolve the issue.
Please let me know if this answers you question! 😄