Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Why is there an issue with Enterprise Security access for lookups created by DB Connect?

AlexeySh
Communicator
‎06-20-2018 08:37 AM

Hello,

We have an issue with the access to lookup tables generated by Splunk DB Connect. The tables are shared for all apps and everyone has a read access to it.

alt text

But when we try to call for those lookups from Enterprise Security we have an error “The lookup table 'xxx.csv' does not exist or is not available.” At the same time, the lookups are perfectly usable from Search & Reportings.

Could you tell please what we doing wrong?

Thanks for the help.

Regards,
Alex.

Preview file
7 KB
Reply
1 Solution
Solved! Jump to solution
Solution

jkat54
SplunkTrust
SplunkTrust
‎06-20-2018 08:54 PM

See “importing add ons with different naming convention” here:

https://docs.splunk.com/Documentation/ES/5.1.0/Install/ImportCustomApps

In ESS you have to edit a regular expression that tells ESS which apps to import.

View solution in original post

Reply
Solved! Jump to solution
Solution

jkat54
SplunkTrust
SplunkTrust
‎06-20-2018 08:54 PM

See “importing add ons with different naming convention” here:

https://docs.splunk.com/Documentation/ES/5.1.0/Install/ImportCustomApps

In ESS you have to edit a regular expression that tells ESS which apps to import.

Reply
Solved! Jump to solution

AlexeySh
Communicator
‎06-21-2018 12:22 AM

Hello @jkat54

Yep, that's exactly what I had to do.

Thanks for the help!

Alex.

Reply
Solved! Jump to solution

pdaigle_splunk
Splunk Employee
Splunk Employee
‎06-20-2018 10:14 AM

Assuming you are using the dbxlookup command or dbxquery command, you need to go to the "manage app" page and select "View objects for the DB Connect app. On that page, you will see dbxlookup, dbxquery, etc. and will need to make sure Sharing is set to Global for this capability. I think that might be the issue, especially if you are using those commands.

0 Karma
Reply
Solved! Jump to solution

AlexeySh
Communicator
‎06-21-2018 12:25 AM

Hello @pdaigle_splunk

You're right, we use dbxquery command. But it is already global.
But thanks for your answer and for your time!

The real cause was discribed by @jkat54

0 Karma
Reply
Solved! Jump to solution

pdaigle_splunk
Splunk Employee
Splunk Employee
‎06-21-2018 07:30 AM

Hello @AlexeySh.....no worries....glad you were able to get an answer.

0 Karma
Reply
Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Dynamic formatting from XML events

This challenge was first posted on Slack #puzzles channelFor a previous puzzle, I needed a set of fixed-length ...

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

  🚀 Your data just got a serious AI upgrade — are you ready? Say hello to the Agentic Era with the ...

Stronger Security with Federated Search for S3, GCP SQL & Australian Threat ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...