Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Why is there an issue with Enterprise Security access for lookups created by DB Connect?

AlexeySh
Communicator
‎06-20-2018 08:37 AM

Hello,

We have an issue with the access to lookup tables generated by Splunk DB Connect. The tables are shared for all apps and everyone has a read access to it.

alt text

But when we try to call for those lookups from Enterprise Security we have an error “The lookup table 'xxx.csv' does not exist or is not available.” At the same time, the lookups are perfectly usable from Search & Reportings.

Could you tell please what we doing wrong?

Thanks for the help.

Regards,
Alex.

Preview file
1 KB
Reply
1 Solution
Solved! Jump to solution
Solution

jkat54
SplunkTrust
SplunkTrust
‎06-20-2018 08:54 PM

See “importing add ons with different naming convention” here:

https://docs.splunk.com/Documentation/ES/5.1.0/Install/ImportCustomApps

In ESS you have to edit a regular expression that tells ESS which apps to import.

View solution in original post

Reply
Solved! Jump to solution
Solution

jkat54
SplunkTrust
SplunkTrust
‎06-20-2018 08:54 PM

See “importing add ons with different naming convention” here:

https://docs.splunk.com/Documentation/ES/5.1.0/Install/ImportCustomApps

In ESS you have to edit a regular expression that tells ESS which apps to import.

Reply
Solved! Jump to solution

AlexeySh
Communicator
‎06-21-2018 12:22 AM

Hello @jkat54

Yep, that's exactly what I had to do.

Thanks for the help!

Alex.

Reply
Solved! Jump to solution

pdaigle_splunk
Splunk Employee
Splunk Employee
‎06-20-2018 10:14 AM

Assuming you are using the dbxlookup command or dbxquery command, you need to go to the "manage app" page and select "View objects for the DB Connect app. On that page, you will see dbxlookup, dbxquery, etc. and will need to make sure Sharing is set to Global for this capability. I think that might be the issue, especially if you are using those commands.

0 Karma
Reply
Solved! Jump to solution

AlexeySh
Communicator
‎06-21-2018 12:25 AM

Hello @pdaigle_splunk

You're right, we use dbxquery command. But it is already global.
But thanks for your answer and for your time!

The real cause was discribed by @jkat54

0 Karma
Reply
Solved! Jump to solution

pdaigle_splunk
Splunk Employee
Splunk Employee
‎06-21-2018 07:30 AM

Hello @AlexeySh.....no worries....glad you were able to get an answer.

0 Karma
Reply
Get Updates on the Splunk Community!

Join Us for Splunk University and Get Your Bootcamp Game On!

If you know, you know! Splunk University is the vibe this summer so register today for bootcamps galore ...

.conf24 | Learning Tracks for Security, Observability, Platform, and Developers!

.conf24 is taking place at The Venetian in Las Vegas from June 11 - 14. Continue reading to learn about the ...

Announcing Scheduled Export GA for Dashboard Studio

We're excited to announce the general availability of Scheduled Export for Dashboard Studio. Starting in ...