I am trying to install Enterprise Security Installer to install ES. When I click the "Continue to app setup page" button, I see the following:
500 Internal Server Error
Return to Splunk home page
View more information about your request (request ID = 55ba88708c91b47dd630) in Search
This page was linked to from https://localhost:8000/en-US/app/SplunkEnterpriseSecuritySuite/.
When I click the link to view more information, I see this...
7 errors occurred while the search was executing. Therefore, search results might be incomplete. Hide errors.
Info.csv being bloated by "lookup" log messages . Will not log additional errors. Refer search.log
The lookup table 'asset_identity_lookup_default_fields' does not exist. It is referenced by configuration '(?::){0}XmlWinEventLog:*'.
The lookup table 'asset_lookup_by_cidr' does not exist. It is referenced by configuration '(?::){0}XmlWinEventLog:*'.
The lookup table 'asset_lookup_by_cidr' does not exist. It is referenced by configuration '(?::){0}bro_*'.
The lookup table 'asset_lookup_by_str' does not exist. It is referenced by configuration '(?::){0}XmlWinEventLog:*'.
The lookup table 'asset_lookup_by_str' does not exist. It is referenced by configuration '(?::){0}bro_*'.
The lookup table 'identity_lookup_expanded' does not exist. It is referenced by configuration '(?::){0}XmlWinEventLog:*'.
Seems like some lookup tables are missing. However, I thought the installer was supposed to install all needed lookup tables? How can I fix this?
This wouldn't happen to be Splunk 6.1.x? Recent versions of ES require Splunk 6.2.3+.
Is this an Upgrade? Or a clean install? On Windows?
Clean install on Windows.