I have changed the setup page in the new version of the application. The older version of the application had a different setup page. The user must go to the setup page after upgrading the application. Is it possible to simply add any parameter other than is_configured=false?
Any help would be appreciated.
↧
Need help in Upgrade scenario for splunk app.
↧
How to migrate DB lookup tables from Splunk DB Connect v1 to latest version?
Hi Splunkers,
Our database team has a Database reporting app which uses Splunk DB Connect v1 add-on and DB lookup tables. We would like to have them migrated to the new Splunk DB Connect add-on which we have installed presently.
We would like to completely migrate a few DB lookup tables from Splunk DB connect v1 to latest Splunk DB connect which we will be using and make the latest version as the primary Splunk DB connect for our users.
Please help with the steps to have these lookup tables migrated to the new Splunk DB Connect and to use the search queries based on these DB lookup tables.
Any help is appreciated.
Thanks in advance.
↧
Is it possible to only upgrade the license server to 6.5.0, but keep the rest of our Splunk instance at 6.4.2?
Hi Team,
We are planning to upgrade the license server Splunk instance from 6.4.2 to 6.5.0. Can we upgrade only the license server to 6.5.0 and keep all other instances, like the search head and indexer servers, on version 6.4.2?
Kindly provide your inputs.
Thanks in advance!
Regards,
BK
↧
Why am I unable to upgrade the Splunk Add-on for Tenable?
I am trying to update the Splunk Add-on for Nessus from version 3.0.2 to 5.1.1, but got the error message "An error occurred while installing the app: 400". Any ideas or suggestions? Thank you!
↧
How should I upgrade Splunk in another directory?
Hi, my Splunk is installed in /home/splunk. I have tried rpm -i -Uvh --prefix=/home splunk-6.5.3-36937ad027d4-linux-2.6-x86_64.rpm, but it shows "package splunk-6.5.3-36937ad027d4.x86_64 is already installed". Do I need to remove Splunk and then re-install? Thanks.
↧
Splunk Offline command - running for hours
I've opened a support ticket but hoping someone may have seen this. I have an indexer cluster with two indexers and a cluster master and I'm upgrading all of them from 6.4.3 to 6.4.6.
CM was upgraded and placed into maintenance mode. Indexer 1 was taken offline (by using "splunk offline"), upgraded and rebooted.
On Indexer 2, issued a "splunk offline" command, and it's still running 5 hours later. The machine isn't locked - the status "dots" keep filling up the command window.
Has anyone encountered this, or is anyone aware of a way to check the actual offline status and possibly close the window? I was following along with the upgrade procedure, but can't find any mention of this situation anywhere.
↧
Splunk license master upgradation
We have 3 Indexers, 2 Search Heads, 1 Master Indexer/License Master/Deployment server all instances working on 6.3.
We are planning to upgrade Splunk to 6.5, but for initial stage we are planning to go with an upgrade only for Master Indexer which is a license master as well for us and later rest of the servers can be upgraded.
Please suggest if any plan we can go ahead with to get the infra upgraded to 6.5 Splunk or the entire cluster needs to be upgraded at once.
Thanks.
Vikram
↧
Splunk Enterprise Security: Why can't I create an ad-hoc notable event after upgrade?
We have just upgraded Splunk Enterprise 6.4.1 / Splunk Enterprise Security 4.1.1 to Splunk Enterprise 6.5.2 with Splunk Enterprise Security 4.5.2.
When I try to create an Ad-Hoc Notable Event I get the following error in the UI:
Failed to create notable event: Not Found
Firefox Debug:
https://splunk-es/en-US/splunkd/__raw/services/alerts/modaction_adhoc [HTTP/1.1 404 Not Found 16ms]
↧
Why is Splunk Answers undergoing maintenance from 5:00am - 9:00am EDT on Thursday, April 27, 2017?
I hear there will be a maintenance window for Splunk Answers between 5:00AM – 9:00AM EDT on Thursday, April 27, 2017. Can anyone provide more details on this?
↧
Do we need an active Annual Splunk Enterprise Support license to be able to update our Splunk Enterprise environment?
We plan to update our older Splunk Enterprise Environment (5.xx) for which we have Perpetual Enterprise Licenses to an up-to-date Enterprise Version. Do we need to buy/reactivate the Annual Enterprise Support Licenses to be allowed to do so?
↧
What is the recommended upgrade order for search heads, indexers, heavy forwarders, deployment server, etc.?
I am currently planning on upgrading our Splunk Enterprise to version 6.5.2. I know I need to upgrade the Search Heads prior to the Indexers but I'm not sure what order everything else belongs in and am looking for a recommendation.
We have 18 indexers, running version 6.4.1.
We have 8 search heads in a cluster, running version 6.4.1.
We have a deployer (Cluster Master), running version 6.4.1.
We have a deployment server, running version 6.3.1.
We have 4 heavy forwarders that we use as syslog-ng and snmptrapd servers, running version 6.3.1.
We have several standalone search heads, not in the cluster, that do our alerting and run Splunk DB Connect and/or the Splunk App for CEF, running in either 6.3.1 or 6.4.1.
We have a mixed bag of Universal Forwarders running 5.x and 6.x versions.
↧
After upgrading to Splunk 6.6.0, why am I receiving warning messages such as "WARN SSLCommon - Received fatal SSL3 alert"?
Hi,
I upgraded a Search Head to 6.6.0, and am getting the following messages continuously...
5-10-2017 13:12:10.558 -0400 WARN SSLCommon - Received fatal SSL3 alert. ssl_state='SSLv3 read client hello C', alert_description='handshake failure'.
05-10-2017 13:12:10.558 -0400 WARN HttpListener - Socket error from 127.0.0.1 while idling: error:1408A10B:SSL routines:ssl3_get_client_hello:wrong version number
05-10-2017 13:12:13.181 -0400 WARN SSLCommon - Received fatal SSL3 alert. ssl_state='SSLv3 read client hello C', alert_description='handshake failure'.
05-10-2017 13:12:13.181 -0400 WARN HttpListener - Socket error from 127.0.0.1 while idling: error:1408A10B:SSL routines:ssl3_get_client_hello:wrong version number
05-10-2017 13:12:15.624 -0400 WARN SSLCommon - Received fatal SSL3 alert. ssl_state='SSLv3 read client hello C', alert_description='handshake failure'.
05-10-2017 13:12:15.624 -0400 WARN HttpListener - Socket error from 127.0.0.1 while idling: error:1408A10B:SSL routines:ssl3_get_client_hello:wrong version number
↧
After upgrading to 6.6.0, why is Splunk unable to connect to license manager with error "SSL3_GET_RECORD:wrong version number"?
After upgrading a client Splunk to v6.6.0, I see the following message when restarting the Splunk instance:
License Manager: Failed to contact license master: reason='Unable to connect to license master=https://-redacted-:8089 Error connecting: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number', first failure time=1494443896 (Wed May 10 12:18:16 2017 PDT).
This worked great with previous Splunk versions. The most recent version before the upgrade was:
splunk-6.5.0-59c8927def0f-linux-2.6-amd64.deb
The upgrade (with the error) is:
splunk-6.6.0-1c4f3bbe1aea-linux-2.6-amd64.deb
↧
Why are AWS ELB Health Checks not working properly after upgrading to Splunk 6.6.0?
I am having some issues specifically with the Splunk 6.6.0 version and my AWS ELB health checks not going healthy. I wanted to see if it is a one-off issue or others were having the same problems before I open up a Splunk Enterprise Support Case.
The problem: I have a proof of concept environment set up within one of our AWS accounts and recently upgraded it from v6.5 to v6.6.0 to test it out before deploying it. Post upgrade, the following health check, which was working fine prior to the upgrade, is no longer working.
![alt text][1]
I have attempted to remove the nodes from the original ELB and add them back into it without any luck. I have also deleted the original ELB and re-created it with the same settings as before the upgrade without any luck.
There are only two ways I can get the health check to work properly. The first one is when I change the health check over to TCP:443 instead of HTTPs:443 and the nodes flip over to inservice. That is not an option I want to use as it only watches for a listening port and not that Splunk is running. The second one is if I put Splunk v6.3 or v6.5 instances into the same ELB and those nodes will flip over to inservice.
As a side note, the exact same health checks work fine in an Application ELB but not with the Classic ELB. The problem with that option is we cannot get it working for the Splunk API, another project for later.
Any thoughts? Thanks in advance for the help!
[1]: /storage/temp/194557-2017-05-17-09-18-35.png
↧
What testing needs to be performed after the AMI upgrade in a Splunk environment?
We have installed Splunk in AWS infrastructure. Now we are upgrading Splunk from a RHEL AMI to an AWS Linux AMI. What testing do we need to do for the specific Splunk instances (DMC, Search head, Indexer, Proxy, Exporter, Cluster master, License master) to check the Splunk functionalities?
Currently we are running splunk 6.5.3 in our environment.
↧
Moving splunk from one directory to another in Windows
We have several servers where the Universal Forwarder has been installed to the wrong drive/directory. During our upgrade window, we are wanting to move these installations to the correct drive/directory.
What is the best way to go about this without losing or duplicating data?
↧
How to ensure logs generated during Universal Forwarder upgrade are not lost or duplicated?
We are about to upgrade several hundred Universal Forwarders (UF) in our environment. We want to make sure that any logs that were generated during the upgrade of the UF would not be lost or duplicated. I did find info on `current_only`, however it seems this is only for the ***Windows Event Log Monitor***, and not the ***MONITOR:***.
Is there anything we need to make sure we have in place?
How will the UF know where the old version left off?
I have tried to look this up, but with all the posts just named *Universal Forwarder*, I could have overlooked if this has been asked before.
↧
Can you upgrade Splunk Enterprise Security on a test server that points at the same Index layer?
I am planning out the first upgrade of Splunk Enterprise Security (Splunk ES) and am working out how. When we installed the system with Professional Services, we had a test server and our production search head pointing at the same index layer. These were both the same version of ES and allowed us to test some configs. Now that I am working on a major version upgrade (3.3.1 to 4.1.4 to 4.7.1), will it break things having a test server upgraded to 4.1.4 if the 3.3.1 search head is still up? Or is the better strategy now to snapshot the Prod server and upgrade there?
↧
Splunk Enterprise Security: After upgrading, why do I receive error "Install cannot continue because some apps are configured to deny disablement"?
Upgraded Splunk Enterprise Security (ES) from v4.5.2 and after restarting Splunk and navigating to the ES app, we receive the error:
"Install cannot continue because some apps are configured to deny disablement: SA-IdentityManagement,SAThreatIntelligence,Splunk_TA_windows,Splunk_TA_sourcefire,DA-ESS-ThreatIntelligence,DA-ESS-NetworkProtection,SA-EndpointProtection,DA-ESS-IdentityManagement,DA-ESS-EndpointProtection,DA-ESS-AccessProtection,Splunk_SA_CIM,SA-AccessProtection,Splunk_SA_ExtremeSearch,SA-UEBA,SA-Utils,TA-nmap,Splunk_TA_oracle,Splunk_TA_nix,SA-AuditAndDataProtection,Splunk_TA_ossec,SA-NetworkProtection"
↧
How to upgrade Splunk Enterprise 6.3.x to the latest version as a stand alone machine?
My standalone Splunk Enterprise v6.3 is currently running on my Mac machine and I am thinking of upgrading to the latest version because of the licensing issue I am seeing with the current version.
Please give me the details of what to back up from the currently running data and where to take the backup.
Also let me know if there is any upgrade option available in the Splunk launcher page.
Thanks in Advance.
↧