Could not load lookup=LOOKUP-vender_info_for_pan_c...

mwi011 · ‎10-31-2018

After installing the PaloAlto Networks Add-On using the installation guide and confirming I'm getting logs from the Firewall.

We are getting the following errors:

Could not load lookup=LOOKUP-vendor_info_for_pan_config

In addition none of the dashboards are populating data even though I know there are logs.

Is there additional configuration that needs to be done.

woodcock · ‎04-23-2019

You must add it in the right place. Go to Settings -> Lookups -> Lookup Definitions and search for the reported lookup ( vendor_info_for_pan_config). There you will see the name of the lookup file being used and the app which should own it. Create/replace the lookup file with the same name in that app and the error will go away.

mwi011 · ‎11-15-2018

App - 6.1.0
Add-On - 6.1.0

Yes the file is there and has data in it.

mwi011 · ‎11-15-2018

App - 6.1.0
Add-On - 6.1.0

Yes the file is located and has data in it.

btorresgil · ‎11-15-2018

What version of the App/Add-on are you using?
Do you have a file in your Splunk_TA_paloalto/lookups directory called pan_vendor_info.csv?

Could not load lookup=LOOKUP-vender_info_for_pan_config

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor

Introducing the 2024 SplunkTrust!