×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
khsewell
Engager
Member since: ‎11-21-2020
‎03-31-2024
Community Statistics
Posts 2
Solutions 1
Karma Given 2
Karma Received 1
Member Since ‎11-21-2020
View All

Re: The lookup table '...' does not exist or is no...

by in Splunk Search
‎04-01-2024 02:39 AM
1 Karma
‎04-01-2024 02:39 AM
1 Karma
Thanks, That made me dig in the right place, leading to ... https://splunk.my.site.com/customer/s/article/User-is-getting-an-error-message-when  Essentially, ... it was found that all the lookups present in the app “Splunk_Security_Essentials” are added in denylist by default. Resolution to the error is to add local=true at the end of SPL command as below: ... | lookup isWindowsSystemFile_lookup filename local=true The indexers need a read-only copy of the knowledge bundle in order to run searches. Splunk Security Essentials brings a significant amount of data that does not need to be copied to the search heads. Adding "local=true", forces the lookup to run on the search head and not on any remote peer. That's ok for my purposes I think. ... View more

The lookup table '...' does not exist or is not av...

by in Splunk Search
‎03-31-2024 10:51 AM
‎03-31-2024 10:51 AM
Hi!, This is a contrived example, but could you help me understand why this completes (and functions as expected):   | makeresults format=csv data="filename calc.exe" | lookup isWindowsSystemFile_lookup filename   Whilst this:   index=sandbox | eval filename="calc.exe" | lookup isWindowsSystemFile_lookup filename   throws an error with message:   ... The lookup table 'isWindowsSystemFile_lookup' does not exist or is not available.   The isWindowsSystemFile_lookup is provided by Splunk Security Essentials. Hmm, I'm on splunk cloud. Thanks, Kevin     ... View more
Labels
Contact Me
Online Status
Offline
Date Last Visited
‎03-31-2024 08:29 PM
Karma from
View All
Karma given to
View All