Splunk Search
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Why is there an issue with Enterprise Security access for lookups created by DB Connect?

AlexeySh
Communicator
‎06-20-2018 08:37 AM

Hello,

We have an issue with the access to lookup tables generated by Splunk DB Connect. The tables are shared for all apps and everyone has a read access to it.

alt text

But when we try to call for those lookups from Enterprise Security we have an error “The lookup table 'xxx.csv' does not exist or is not available.” At the same time, the lookups are perfectly usable from Search & Reportings.

Could you tell please what we doing wrong?

Thanks for the help.

Regards,
Alex.

01.png
Preview file
7 KB
Reply
1 Solution
Solved! Jump to solution
Solution

jkat54
SplunkTrust
SplunkTrust
‎06-20-2018 08:54 PM

See “importing add ons with different naming convention” here:

https://docs.splunk.com/Documentation/ES/5.1.0/Install/ImportCustomApps

In ESS you have to edit a regular expression that tells ESS which apps to import.

View solution in original post

Reply
Solved! Jump to solution
Solution

jkat54
SplunkTrust
SplunkTrust
‎06-20-2018 08:54 PM

See “importing add ons with different naming convention” here:

https://docs.splunk.com/Documentation/ES/5.1.0/Install/ImportCustomApps

In ESS you have to edit a regular expression that tells ESS which apps to import.

Reply
Solved! Jump to solution

AlexeySh
Communicator
‎06-21-2018 12:22 AM

Hello @jkat54

Yep, that's exactly what I had to do.

Thanks for the help!

Alex.

Reply
Solved! Jump to solution

pdaigle_splunk
Splunk Employee
Splunk Employee
‎06-20-2018 10:14 AM

Assuming you are using the dbxlookup command or dbxquery command, you need to go to the "manage app" page and select "View objects for the DB Connect app. On that page, you will see dbxlookup, dbxquery, etc. and will need to make sure Sharing is set to Global for this capability. I think that might be the issue, especially if you are using those commands.

0 Karma
Reply
Solved! Jump to solution

AlexeySh
Communicator
‎06-21-2018 12:25 AM

Hello @pdaigle_splunk

You're right, we use dbxquery command. But it is already global.
But thanks for your answer and for your time!

The real cause was discribed by @jkat54

0 Karma
Reply
Solved! Jump to solution

pdaigle_splunk
Splunk Employee
Splunk Employee
‎06-21-2018 07:30 AM

Hello @AlexeySh.....no worries....glad you were able to get an answer.

0 Karma
Reply
Get Updates on the Splunk Community!

Preparing your Splunk Environment for OpenSSL3

The Splunk platform will transition to OpenSSL version 3 in a future release. Actions are required to prepare ...

Unleash Unified Security and Observability with Splunk Cloud Platform

     Now Available on Microsoft AzureThursday, March 27, 2025  |  11AM PST / 2PM EST | Register NowStep boldly ...

Splunk AppDynamics with Cisco Secure Application

Web applications unfortunately present a target rich environment for security vulnerabilities and attacks. ...
Top