Splunk Enterprise Security
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Why is the "Continue to app setup page" button in the Splunk App for Enterprise Security setup not working?

jamesvz84
Communicator
‎07-30-2015 01:52 PM

I am trying to install Enterprise Security Installer to install ES. When I click the "Continue to app setup page" button, I see the following:

500 Internal Server Error

Return to Splunk home page

View more information about your request (request ID = 55ba88708c91b47dd630) in Search 

This page was linked to from https://localhost:8000/en-US/app/SplunkEnterpriseSecuritySuite/.

When I click the link to view more information, I see this...

7 errors occurred while the search was executing. Therefore, search results might be incomplete. Hide errors.
Info.csv being bloated by "lookup" log messages . Will not log additional errors. Refer search.log
The lookup table 'asset_identity_lookup_default_fields' does not exist. It is referenced by configuration '(?::){0}XmlWinEventLog:*'.
The lookup table 'asset_lookup_by_cidr' does not exist. It is referenced by configuration '(?::){0}XmlWinEventLog:*'.
The lookup table 'asset_lookup_by_cidr' does not exist. It is referenced by configuration '(?::){0}bro_*'.
The lookup table 'asset_lookup_by_str' does not exist. It is referenced by configuration '(?::){0}XmlWinEventLog:*'.
The lookup table 'asset_lookup_by_str' does not exist. It is referenced by configuration '(?::){0}bro_*'.
The lookup table 'identity_lookup_expanded' does not exist. It is referenced by configuration '(?::){0}XmlWinEventLog:*'.

Seems like some lookup tables are missing. However, I thought the installer was supposed to install all needed lookup tables? How can I fix this?

0 Karma
Reply

doksu
Contributor
‎08-03-2015 04:38 PM

This wouldn't happen to be Splunk 6.1.x? Recent versions of ES require Splunk 6.2.3+.

0 Karma
Reply

esix_splunk
Splunk Employee
Splunk Employee
‎07-30-2015 07:16 PM

Is this an Upgrade? Or a clean install? On Windows?

0 Karma
Reply

jamesvz84
Communicator
‎07-31-2015 06:19 AM

Clean install on Windows.

0 Karma
Reply
Get Updates on the Splunk Community!

Extending Observability Content to Splunk Cloud

Watch Now!   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to leverage ...

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!

What if there was a way you could keep all the metrics data you need while saving on storage costs?This is now ...

New in Observability Cloud - Explicit Bucket Histograms

Splunk introduces native support for histograms as a metric data type within Observability Cloud with Explicit ...