I have an install of Splunk 5.0.1 that was using an old lea-loggrabber app. I have installed the new Splunk support LEA grabber for OPSEC and now seem to have issues with my logs not showing anymore. I can see from tcpdump that the logs are being sent to the Splunk server; however, they do not show in Splunk search. Also, when trying to perform a search now, I get the following errors:
"Error 'Could not find all of the specified lookup fields in the lookup table.' for conf 'opsec' and lookup table 'checkpoint_action_lookup'.