Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Cisco Firewalls/IPS apps update, now I get lookup table error

awsdcuser
Explorer
‎02-12-2013 07:52 AM

I recently updated Cisco Firewalls and Cisco IPS apps to the latest versions (2.0 and 2.0.0). Now when I perform a search I receive errors similar to this: "The lookup table 'err_code_lookup' does not exist. It is referenced by configuration 'diff text here'."

From some investigating, it looks like it is looking for a non-existing file. I appreciate any help on how to obtain this file or fix this error.

Thanks.

Tags (1)
Reply
1 Solution
Solved! Jump to solution
Solution

awsdcuser
Explorer
‎02-12-2013 09:41 AM

Splunk provided the missing file.

View solution in original post

Reply
Solved! Jump to solution

AWDItTech
New Member
‎08-21-2013 11:38 PM

I managed to find a difference between the file event_codes.csv in the (Splunk_CiscoSecuritySuite/lookups + Splunk_CiscoFirewalls/lookups) & the TA-cisco_asa/lookups.

The TA-cisco_asa had the first line as
log_level_desc,log_level,errorcode,event_desc
instead of
log_level_desc,log_level,error_code,event_desc
Problem fixed by copying over the file, or you could edit it

0 Karma
Reply
Solved! Jump to solution
Solution

awsdcuser
Explorer
‎02-12-2013 09:41 AM

Splunk provided the missing file.

Reply
Solved! Jump to solution

rpetrini
Engager
‎08-17-2013 09:58 AM

I uninstalled and reinstalled without the upgrade option. I still do not have the file. I am using the firewall app. Where do I get the file?

0 Karma
Reply
Solved! Jump to solution

awsdcuser
Explorer
‎05-06-2013 07:08 AM

Did you perform an upgrade from a previous version to 2.0.0? If so the way I fixed it was to remove the app and then do a fresh install of the 2.0.0 (not an upgrade).

0 Karma
Reply
Solved! Jump to solution

srich
Explorer
‎05-03-2013 10:03 PM

I see this was marked as the answer but how do the rest of us get the file?

0 Karma
Reply
Solved! Jump to solution

awsdcuser
Explorer
‎03-14-2013 02:19 PM

For me it was a problem when performing the upgrade for both apps. For the firewall app I had talked with a Splunk engineer who provided the missing file. For the IPS app I removed the app and then installed it from the current 2.0.0 version (no upgrading) and it works.

Reply
Solved! Jump to solution

arozar
Explorer
‎03-13-2013 07:48 AM

Where can I get this file? I too am receiving this message now.

0 Karma
Reply
Get Updates on the Splunk Community!

Index This | I’m short for "configuration file.” What am I?

May 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with a Special ...

New Articles from Academic Learning Partners, Help Expand Lantern’s Use Case Library, ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Your Guide to SPL2 at .conf24!

So, you’re headed to .conf24? You’re in for a good time. Las Vegas weather is just *chef’s kiss* beautiful in ...