The lookup table 'dm_audit_class_type' does not ex...

Lehanov · ‎05-08-2013

Hello

Please help me this issue

The lookup table 'dm_audit_class_type' does not exist. It is referenced by configuration 'WinEventLog:Security'

It seems WinEventLog:Security is internal splunk component so I can't reinstall it like app

ps

Splunk server 5.02 is running under windows

ahall_splunk · ‎05-10-2013

You have the one of the TA-SQLServer technology add-ons on your server. This contains the dm_audit_class_type lookup as an automated lookup.

You have two choices:
1) Edit the props.conf in the TA-SQLServer that you have installed to remove the automatic lookup.
2) Export the lookup table in the TA-SQLServer that you have installed to remove the warning.

Either is a good approach. Note that the new Splunk for SQL Server beta opts for option #1.

lguinn2 · ‎05-09-2013

I would check to see if a lookup table with that name exists - and if it does, then I would make sure that its permissions are properly set.

Second, I might reinstall the Splunk for Windows app.

The lookup table 'dm_audit_class_type' does not exist. It is referenced by configuration 'WinEventLog:Security'

More Ways To Control Your Costs With Archived Metrics | Register for Tech Talk

.conf24 | Personalize your .conf experience with Learning Paths!

Threat Hunting Unlocked: How to Uplevel Your Threat Hunting With the PEAK Framework ...