Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Why are there errors when resolving missing lookup tables/fields?

afolabia
Path Finder
‎04-30-2019 12:39 PM

I'm having errors resolving several missing lookup tables. Any help to resolve these will be appreciated.

The lookup table 'xmlsecurity_eventcode_errorcode_action_lookup' does not exist. It is referenced by configuration 'source::XmlWinEventLog:Security'

Error 'Could not find all of the specified lookup fields in the lookup table.' for conf 'WMI:WinEventLog:Security' and lookup table 'windows_app_lookup'

The lookup table 'windows_severity_lookup' does not exist. It is referenced by configuration 'WMI:WinEventLog:System'

Thanks

0 Karma
Reply

lakshman239
SplunkTrust
SplunkTrust
‎05-01-2019 05:25 AM

Looks like your install/upgrade of Splunk add-on for windows didn't go through fine. Pls re-install/upgrade again and use version 5.x or 6.x [ has major changes]

0 Karma
Reply

bullbo
Engager
‎12-03-2019 10:34 AM

Reloaded Splunk add-on for Windows (v7.0) and still get the same errors. Anything else it could be?

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Forwarders and Forced Time Based Load Balancing

Splunk customers use universal forwarders to collect and send data to Splunk. A universal forwarder can send ...

NEW! Log Views in Splunk Observability Dashboards Gives Context From a Single Page

Today, Splunk Observability releases log views, a new feature for users to add their logs data from Splunk Log ...

Last Chance to Submit Your Paper For BSides Splunk - Deadline is August 12th!

Hello everyone! Don't wait to submit - The deadline is August 12th! We have truly missed the community so ...