Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Cisco Firewalls/IPS apps update, now I get lookup table error

awsdcuser
Explorer
‎02-12-2013 07:52 AM

I recently updated Cisco Firewalls and Cisco IPS apps to the latest versions (2.0 and 2.0.0). Now when I perform a search I receive errors similar to this: "The lookup table 'err_code_lookup' does not exist. It is referenced by configuration 'diff text here'."

From some investigating, it looks like it is looking for a non-existing file. I appreciate any help on how to obtain this file or fix this error.

Thanks.

Tags (1)
Reply
1 Solution
Solved! Jump to solution
Solution

awsdcuser
Explorer
‎02-12-2013 09:41 AM

Splunk provided the missing file.

View solution in original post

Reply
Solved! Jump to solution

AWDItTech
New Member
‎08-21-2013 11:38 PM

I managed to find a difference between the file event_codes.csv in the (Splunk_CiscoSecuritySuite/lookups + Splunk_CiscoFirewalls/lookups) & the TA-cisco_asa/lookups.

The TA-cisco_asa had the first line as
log_level_desc,log_level,errorcode,event_desc
instead of
log_level_desc,log_level,error_code,event_desc
Problem fixed by copying over the file, or you could edit it

0 Karma
Reply
Solved! Jump to solution
Solution

awsdcuser
Explorer
‎02-12-2013 09:41 AM

Splunk provided the missing file.

Reply
Solved! Jump to solution

rpetrini
Engager
‎08-17-2013 09:58 AM

I uninstalled and reinstalled without the upgrade option. I still do not have the file. I am using the firewall app. Where do I get the file?

0 Karma
Reply
Solved! Jump to solution

awsdcuser
Explorer
‎05-06-2013 07:08 AM

Did you perform an upgrade from a previous version to 2.0.0? If so the way I fixed it was to remove the app and then do a fresh install of the 2.0.0 (not an upgrade).

0 Karma
Reply
Solved! Jump to solution

srich
Explorer
‎05-03-2013 10:03 PM

I see this was marked as the answer but how do the rest of us get the file?

0 Karma
Reply
Solved! Jump to solution

awsdcuser
Explorer
‎03-14-2013 02:19 PM

For me it was a problem when performing the upgrade for both apps. For the firewall app I had talked with a Splunk engineer who provided the missing file. For the IPS app I removed the app and then installed it from the current 2.0.0 version (no upgrading) and it works.

Reply
Solved! Jump to solution

arozar
Explorer
‎03-13-2013 07:48 AM

Where can I get this file? I too am receiving this message now.

0 Karma
Reply
Get Updates on the Splunk Community!

Introducing the Splunk Community Dashboard Challenge!

Welcome to Splunk Community Dashboard Challenge! This is your chance to showcase your skills in creating ...

Get the T-shirt to Prove You Survived Splunk University Bootcamp

As if Splunk University, in Las Vegas, in-person, with three days of bootcamps and labs weren’t enough, now ...

Wondering How to Build Resiliency in the Cloud?

IT leaders are choosing Splunk Cloud as an ideal cloud transformation platform to drive business resilience,  ...