Solved: The lookup table 'nix_action_lookup' does not exis...

hartfoml · ‎08-05-2013

Arg this is so frustrating.

I cant find the nix_action_lookup and I can't find the IDS config.

How do i troubleshoot this error.

Is there a btool shortcut to find where this permissions issue is coming from and where the files and config is so I can update permissions.

Arggggg

need help before I go mad and strangler a honey badger

lukejadamec · ‎08-06-2013

I believe nix_action_lookup is defined as vendor_action.csv
Go to Manager>Lookups>Lookup Definitions> and Select All Apps. You should find it in that list.
Set the permissions to Global.

View solution in original post

lukejadamec · ‎08-06-2013

I believe nix_action_lookup is defined as vendor_action.csv
Go to Manager>Lookups>Lookup Definitions> and Select All Apps. You should find it in that list.
Set the permissions to Global.

hartfoml · ‎08-06-2013

Thanks Luck this was helpful and i am crediting you with the answer although i was on a web-ex with support we were able to solve the permissions problem but we can't quiet say how.

lukejadamec · ‎08-06-2013

My fault. You are failing on the Automatic Lookup permissions, not the Lookup Definition permissions.
Make sure Manager>Lookups>Automatic Lookups> permissions are set to global.

hartfoml · ‎08-06-2013

Luke,

It's so easy when you know where to look. I did find the definition there and it was set to global. I changed the permissions to Read&Write for all and am still getting the error message. I wouldn't think I would have to do anything on the indexers for this. I shouldn't have to have the lookup on the indexer for any reason should I?

Can you help just a little more please.

The lookup table 'nix_action_lookup' does not exist. It is referenced by configuration 'IDS

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor