Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Why is there an issue with Enterprise Security access for lookups created by DB Connect?

AlexeySh
Communicator
‎06-20-2018 08:37 AM

Hello,

We have an issue with the access to lookup tables generated by Splunk DB Connect. The tables are shared for all apps and everyone has a read access to it.

alt text

But when we try to call for those lookups from Enterprise Security we have an error “The lookup table 'xxx.csv' does not exist or is not available.” At the same time, the lookups are perfectly usable from Search & Reportings.

Could you tell please what we doing wrong?

Thanks for the help.

Regards,
Alex.

Preview file
1 KB
Reply
1 Solution
Solved! Jump to solution
Solution

jkat54
SplunkTrust
SplunkTrust
‎06-20-2018 08:54 PM

See “importing add ons with different naming convention” here:

https://docs.splunk.com/Documentation/ES/5.1.0/Install/ImportCustomApps

In ESS you have to edit a regular expression that tells ESS which apps to import.

View solution in original post

Reply
Solved! Jump to solution
Solution

jkat54
SplunkTrust
SplunkTrust
‎06-20-2018 08:54 PM

See “importing add ons with different naming convention” here:

https://docs.splunk.com/Documentation/ES/5.1.0/Install/ImportCustomApps

In ESS you have to edit a regular expression that tells ESS which apps to import.

Reply
Solved! Jump to solution

AlexeySh
Communicator
‎06-21-2018 12:22 AM

Hello @jkat54

Yep, that's exactly what I had to do.

Thanks for the help!

Alex.

Reply
Solved! Jump to solution

pdaigle_splunk
Splunk Employee
Splunk Employee
‎06-20-2018 10:14 AM

Assuming you are using the dbxlookup command or dbxquery command, you need to go to the "manage app" page and select "View objects for the DB Connect app. On that page, you will see dbxlookup, dbxquery, etc. and will need to make sure Sharing is set to Global for this capability. I think that might be the issue, especially if you are using those commands.

0 Karma
Reply
Solved! Jump to solution

AlexeySh
Communicator
‎06-21-2018 12:25 AM

Hello @pdaigle_splunk

You're right, we use dbxquery command. But it is already global.
But thanks for your answer and for your time!

The real cause was discribed by @jkat54

0 Karma
Reply
Solved! Jump to solution

pdaigle_splunk
Splunk Employee
Splunk Employee
‎06-21-2018 07:30 AM

Hello @AlexeySh.....no worries....glad you were able to get an answer.

0 Karma
Reply
Get Updates on the Splunk Community!

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

Take a look below to explore our upcoming Community Office Hours, Tech Talks, and Webinars this month. This ...

They're back! Join the SplunkTrust and MVP at .conf24

With our highly anticipated annual conference, .conf, comes the fez-wearers you can trust! The SplunkTrust, as ...

Enterprise Security Content Update (ESCU) | New Releases

Last month, the Splunk Threat Research Team had two releases of new security content via the Enterprise ...