We are on Splunk Cloud 6.4. We have Splunk Enterprise Security too.
FireEye App for Splunk Enterprise v3 (ver 3.0.8) was installed. Ever since we installed it, we've been getting the error below in all queries:
Error 'Could not find all of the specified lookup fields in the lookup table.' for conf 'fe_cef_syslog' and lookup table 'fireeye_severity_lookup'
Also, the FireEye app doesn't show any values; it shows all zeros.
Any help on how to fix the above issues?
In one of the posts, I read that the legacy FireEye add-on (TA 3.3.0) should be disabled. Will disabling it impact the existing FireEye CEF log formats?
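The error quoted above is what Splunk raises when a `LOOKUP-<name>` line in props.conf names a field (on the lookup-table side of the input or OUTPUT clause) that is not a column of the lookup CSV. The script below is an added example, not code from the FireEye app, the legacy TA, or Splunk; it checks a props.conf LOOKUP line against a CSV header and reports the missing columns. The stanza line, the field names and the CSV rows are constructed samples; the real `fireeye_severity_lookup` may use different columns, so run it against the files actually shipped in the app.

```python
import csv
import io

# Constructed sample of an automatic lookup line as it would appear under the
# [fe_cef_syslog] stanza in props.conf. Field names are assumptions for
# illustration, not the app's actual configuration.
SAMPLE_LOOKUP_LINE = (
    "LOOKUP-fireeye_severity = fireeye_severity_lookup "
    "severity AS fe_severity OUTPUT severity_id severity_label AS fe_severity_label"
)

# Constructed sample of fireeye_severity_lookup.csv. It deliberately lacks a
# 'severity_label' column, which is the kind of mismatch that produces
# "Could not find all of the specified lookup fields in the lookup table."
SAMPLE_CSV = """severity,severity_id
minr,1
majr,2
crit,3
"""


def parse_lookup_fields(lookup_line):
    """Return (table_name, lookup_side_fields) for a props.conf LOOKUP-<name> line.

    Splunk syntax: LOOKUP-<n> = <table> <in> [AS <event_field>] ...
                   OUTPUT|OUTPUTNEW <out> [AS <event_field>] ...
    Only the names on the lookup-table side (left of each AS) are returned,
    because those are the columns Splunk must find in the CSV header.
    """
    _, _, rhs = lookup_line.partition("=")
    tokens = rhs.split()
    table, rest = tokens[0], tokens[1:]
    fields = []
    i = 0
    while i < len(rest):
        tok = rest[i]
        if tok.upper() in ("OUTPUT", "OUTPUTNEW"):
            i += 1
            continue
        fields.append(tok)
        if i + 1 < len(rest) and rest[i + 1].upper() == "AS":
            i += 3  # skip the AS keyword and the event-side alias
        else:
            i += 1
    return table, fields


def csv_columns(csv_text):
    """Return the header row of a lookup CSV (first line, parsed with the csv module)."""
    return next(csv.reader(io.StringIO(csv_text)))


def missing_lookup_fields(lookup_line, csv_text):
    """Return (table_name, fields referenced by the LOOKUP line but absent from the CSV)."""
    table, fields = parse_lookup_fields(lookup_line)
    columns = set(csv_columns(csv_text))
    return table, [f for f in fields if f not in columns]


if __name__ == "__main__":
    table, missing = missing_lookup_fields(SAMPLE_LOOKUP_LINE, SAMPLE_CSV)
    if missing:
        print(f"lookup table '{table}' is missing columns: {', '.join(missing)}")
    else:
        print(f"lookup table '{table}': all referenced fields present")
```

To apply this to a real deployment, paste the `LOOKUP-` line from the app's props.conf (check both the FireEye app and the legacy TA, since two apps defining the same `LOOKUP-` name against the same sourcetype is a common source of this error after an upgrade) and the header of the CSV under the app's `lookups/` directory. The `btool` output, `splunk btool props list fe_cef_syslog --debug`, shows which app's definition wins.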