We are using Splunk Cloud free version 6.3. Is there a way to update it to latest version?
↧
Is there a way to upgrade our Splunk Cloud free version 6.3 to the latest version?
↧
Need help in Upgrade scenario for splunk app.
I have changed setup page in the new version of Application. The Older version of the application had different setup page. The user must go to setup page after upgrading Application. Is it possible to add simply any parameter other than is_configured=false?
Any help would be appreciated.
↧
↧
Installed Standalone splunk 6.6.1V Enterprise & copied the data from Old splunk 6.3V
Installed Standalone splunk 6.6.1V Enterprise in my mac & copied the old splunk data version was 6.3 (/Application/Splunk/*) from different machine to this new one where 6.6.1 is running.
Now while Starting splunk seeing this error "Could not create path /Application/Splunk/**** appearing in indexes.conf:13 Validating databases (splunkd validatedb) failed with code '-1'."
Please give let me know the solution for this.
Also, i want to understand, if i install latest version of Splunk Enterprise by uninstalling older splunk version 6.3 on the same machine(mac), old data still be retrieved.
↧
Why do I receive a 404 error when trying to view or create an index?
We are using Splunk Light and ever since upgrading from 6.2 to 6.5 we are no longer able to create or modify indexes in Splunk Web.
Everything else still seems to work fine, but if I try to view an existing index or click on the 'new' button, I get a 404 error page.
Thanks!
↧
When to upgrade DMC and Deployment server
Hi,
Where in the upgrade sequence does the DMC and Deployment server get done? I don't see anything in the doc that addresses these components.
↧
↧
What is best way to upgrade splunk Enterprise in non clustered Environment ?
splunk Enterprise in non clustered Environment ?
↧
After upgrading to Splunk 6.6, the splunkd.pid file is unreadable. How to fix "Permission denied" errors?
Hi Guys,
I upgraded Splunk from 6.5 to 6.6 since then I'm unable to start Splunk properly, it seems there is some issue in the permission level.
Could you walk me through in steps what I suppose to do to fix the permission denied error message pls? I'm just few months into Splunk so fairly new to everything.
See the error message below:
root@indexer:/opt/splunk/bin# ./splunk status
Warning: cannot create "/opt/splunk/var/log/splunk"
Warning: cannot create "/opt/splunk/var/log/introspection"
Pid file "/opt/splunk/var/run/splunk/splunkd.pid" unreadable.: Permission denied
Cannot initialize: /opt/splunk/etc/apps/Splunk_CiscoSecuritySuite/metadata/local.meta: Permission denied
Cannot initialize: /opt/splunk/etc/apps/launcher/metadata/local.meta: Permission denied
Cannot initialize: /opt/splunk/etc/apps/search/metadata/local.meta: Permission denied
Cannot initialize: /opt/splunk/etc/apps/splunk_instrumentation/metadata/local.meta: Permission denied
Cannot initialize: /opt/splunk/etc/system/metadata/local.meta: Permission denied
Cannot initialize: /opt/splunk/etc/apps/learned/metadata/local.meta: Permission denied
Cannot initialize: /opt/splunk/etc/apps/Splunk_CiscoSecuritySuite/metadata/local.meta: Permission denied
Cannot initialize: /opt/splunk/etc/apps/launcher/metadata/local.meta: Permission denied
Cannot initialize: /opt/splunk/etc/apps/search/metadata/local.meta: Permission denied
Cannot initialize: /opt/splunk/etc/apps/splunk_instrumentation/metadata/local.meta: Permission denied
Cannot initialize: /opt/splunk/etc/system/metadata/local.meta: Permission denied
Cannot initialize: /opt/splunk/etc/apps/learned/metadata/local.meta: Permission denied
Cannot initialize: /opt/splunk/etc/apps/Splunk_CiscoSecuritySuite/metadata/local.meta: Permission denied
Cannot initialize: /opt/splunk/etc/apps/launcher/metadata/local.meta: Permission denied
Cannot initialize: /opt/splunk/etc/apps/search/metadata/local.meta: Permission denied
Cannot initialize: /opt/splunk/etc/apps/splunk_instrumentation/metadata/local.meta: Permission denied
Cannot initialize: /opt/splunk/etc/system/metadata/local.meta: Permission denied
Cannot initialize: /opt/splunk/etc/apps/learned/metadata/local.meta: Permission denied
Pid file "/opt/splunk/var/run/splunk/splunkd.pid" unreadable.: Permission denied
splunkd.pid file is unreadable.
Pid file "/opt/splunk/var/run/splunk/splunkd.pid" unreadable.: Permission denied
↧
DBX Connect fails to start after upgrading to 3.1.0
I've just upgraded DBX Connect to 3.1.0 from 3.0.6 and I get the "DBX Server is not available, please make sure it is started and listening on 1025 port or consult documentation for details" error. (I set the port to 1025 from the default as part of trying to troubleshoot, but it did not work with the original port 9998 either.
In splunkd.log I see this:
07-01-2017 14:29:54.225 +0400 ERROR ExecProcessor - message from ""C:\Program Files\Splunk\etc\apps\splunk_app_db_connect\windows_x86_64\bin\server.exe"" action=task_server_start_failed error=javax.servlet.ServletException: io.dropwizard.jersey.setup.JerseyServletContainer-4ee5d723@fb567993==io.dropwizard.jersey.setup.JerseyServletContainer,1,false stack=org.eclipse.jetty.servlet.ServletHolder.initServlet(ServletHolder.java:661)\\org.eclipse.jetty.servlet.ServletHolder.initialize(ServletHolder.java:419)\\org.eclipse.jetty.servlet.ServletHandler.initialize(ServletHandler.java:875)\\org.eclipse.jetty.servlet.ServletContextHandler.startContext(ServletContextHandler.java:349)\\org.eclipse.jetty.server.handler.ContextHandler.doStart(ContextHandler.java:772)\\org.eclipse.jetty.servlet.ServletContextHandler.doStart(ServletContextHandler.java:262)\\org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:68)\\org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:132)\\org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:106)\\org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:61)\\com.codahale.metrics.jetty9.InstrumentedHandler.doStart(InstrumentedHandler.java:103)\\org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:68)\\org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:132)\\org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:114)\\org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:61)\\org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:68)\\org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:132)\\org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:106)\\org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:61)\\org.eclipse.jetty.server.handler.gzip.GzipHandler.doStart(GzipHandler.java:231)\\org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:68)\\org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:132)\\org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:106)\\org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:61)\\org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:68)\\org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:132)\\org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:106)\\org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:61)\\org.eclipse.jetty.server.handler.StatisticsHandler.doStart(StatisticsHandler.java:252)\\org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:68)\\org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:132)\\org.eclipse.jetty.server.Server.start(Server.java:411)\\org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:106)\\org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:61)\\org.eclipse.jetty.server.Server.doStart(Server.java:378)\\org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:68)\\io.dropwizard.cli.ServerCommand.run(ServerCommand.java:53)\\io.dropwizard.cli.EnvironmentCommand.run(EnvironmentCommand.java:44)\\io.dropwizard.cli.ConfiguredCommand.run(ConfiguredCommand.java:85)\\io.dropwizard.cli.Cli.run(Cli.java:75)\\io.dropwizard.Application.run(Application.java:79)\\com.splunk.dbx.server.bootstrap.TaskServerStart.startTaskServer(TaskServerStart.java:97)\\com.splunk.dbx.server.bootstrap.TaskServerStart.streamEvents(TaskServerStart.java:59)\\com.splunk.modularinput.Script.run(Script.java:66)\\com.splunk.modularinput.Script.run(Script.java:44)\\com.splunk.dbx.server.bootstrap.TaskServerStart.main(TaskServerStart.java:108)\\
In splunk_app_dbconnect_dbx.log I get these
after installing 3.1.0:
2017-07-01T09:23:33+0400 [ERROR] [admin.py], line 421: Failed to fetch DMC settings to verify status
2017-07-01T09:23:33+0400 [ERROR] [admin.py], line 422: [HTTP 404] https://127.0.0.1:8089/services/dmc-conf/settings/settings; [{'code': None, 'type': 'ERROR', 'text': 'Not Found'}]
Traceback (most recent call last):
File "C:\Program Files\Splunk\Python-2.7\Lib\site-packages\splunk\appserver\mrsparkle\controllers\admin.py", line 418, in _is_DMCDisabled
dmc_settings = en.getEntity(DMC_SETTINGS['url'], 'settings')
File "C:\Program Files\Splunk\Python-2.7\Lib\site-packages\splunk\entity.py", line 249, in getEntity
serverResponse, serverContent = rest.simpleRequest(uri, getargs=kwargs, sessionKey=sessionKey, raiseAllErrors=True)
File "C:\Program Files\Splunk\Python-2.7\Lib\site-packages\splunk\rest\__init__.py", line 550, in simpleRequest
raise splunk.ResourceNotFound(uri, extendedMessages=extractMessages(body))
ResourceNotFound: [HTTP 404] https://127.0.0.1:8089/services/dmc-conf/settings/settings; [{'code': None, 'type': 'ERROR', 'text': 'Not Found'}]
after a restart:
2017-07-01T12:36:56+0400 [ERROR] [root.py], line 663: DJANGO: There was an error starting:
2017-07-01T12:36:56+0400 [ERROR] [root.py], line 664: The SECRET_KEY setting must not be empty.
Traceback (most recent call last):
File "C:\Program Files\Splunk\Python-2.7\Lib\site-packages\splunk\appserver\mrsparkle\root.py", line 661, in run
configure_django(global_cfg)
File "C:\Program Files\Splunk\Python-2.7\Lib\site-packages\splunk\appserver\mrsparkle\root.py", line 738, in configure_django
if should_start_django() or FORCE_ENABLE_DJANGO:
File "C:\Program Files\Splunk\Python-2.7\Lib\site-packages\splunk\appserver\mrsparkle\root.py", line 771, in should_start_django
return len(settings.DISCOVERED_APPS) > 0 and not isLite()
File "C:\Program Files\Splunk\Python-2.7\Lib\site-packages\django\conf\__init__.py", line 53, in __getattr__
self._setup(name)
File "C:\Program Files\Splunk\Python-2.7\Lib\site-packages\django\conf\__init__.py", line 48, in _setup
self._wrapped = Settings(settings_module)
File "C:\Program Files\Splunk\Python-2.7\Lib\site-packages\django\conf\__init__.py", line 152, in __init__
raise ImproperlyConfigured("The SECRET_KEY setting must not be empty.")
ImproperlyConfigured: The SECRET_KEY setting must not be empty.
2017-07-01T12:36:56+0400 [INFO] [root.py], line 130: ENGINE: Bus STARTING
2017-07-01T12:36:56+0400 [INFO] [root.py], line 130: ENGINE: Set handler for console events.
2017-07-01T12:36:56+0400 [INFO] [root.py], line 130: ENGINE: Started monitor thread '_TimeoutMonitor'.
2017-07-01T12:36:56+0400 [INFO] [root.py], line 130: ENGINE: Serving on 127.0.0.1:8065
2017-07-01T12:36:56+0400 [INFO] [root.py], line 130: ENGINE: Bus STARTED
2017-07-01T12:36:57+0400 [INFO] [root.py], line 130: ENGINE: Started monitor thread 'Monitor'.
2017-07-01T12:36:57+0400 [INFO] [customlogmanager.py], line 63 : 127.0.0.1 - - [01/Jul/2017:12:36:57.298 +0400] "HEAD /favicon.ico HTTP/1.1" 303 124 "" "Splunk/6.6.0 (Windows Server 8.1 Standard Edition; arch=x64)" - 59575f294c40e8e6a6d8 16ms
2017-07-01T12:37:07+0400 [ERROR] [startup.py], line 104: Unable to read in product version information; [HTTP 401] Client is not authenticated
2017-07-01T12:37:07+0400 [INFO] [root.py], line 130: ENGINE: Started monitor thread 'Monitor'.
2017-07-01T12:37:07+0400 [ERROR] [config.py], line 138: [HTTP 401] Client is not authenticated
Traceback (most recent call last):
File "C:\Program Files\Splunk\Python-2.7\Lib\site-packages\splunk\appserver\mrsparkle\lib\config.py", line 136, in getServerZoneInfo
return times.getServerZoneinfo()
File "C:\Program Files\Splunk\Python-2.7\Lib\site-packages\splunk\appserver\mrsparkle\lib\times.py", line 158, in getServerZoneinfo
serverStatus, serverResp = splunk.rest.simpleRequest('/search/timeparser/tz')
File "C:\Program Files\Splunk\Python-2.7\Lib\site-packages\splunk\rest\__init__.py", line 530, in simpleRequest
raise splunk.AuthenticationFailed
AuthenticationFailed: [HTTP 401] Client is not authenticated
2017-07-01T12:37:07+0400 [INFO] [customlogmanager.py], line 63 : 127.0.0.1 - admin [01/Jul/2017:12:37:07.047 +0400] "GET /en-US/config?autoload=1 HTTP/1.1" 200 752 "http://10.6.1.114:8000/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_5) AppleWebKit/603.2.4 (KHTML, like Gecko) Version/10.1.1 Safari/603.2.4" - 59575f330c40e8e6ab70 40ms
2017-07-01T12:37:07+0400 [ERROR] [startup.py], line 104: Unable to read in product version information; [HTTP 401] Client is not authenticated
2017-07-01T12:37:07+0400 [INFO] [customlogmanager.py], line 63 : 127.0.0.1 - admin [01/Jul/2017:12:37:07.318 +0400] "GET /en-US/config?autoload=1 HTTP/1.1" 200 752 "http://10.6.1.114:8000/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_5) AppleWebKit/603.2.4 (KHTML, like Gecko) Version/10.1.1 Safari/603.2.4" - 59575f335140e8e7a6a0 13ms
2017-07-01T12:37:10+0400 [ERROR] [startup.py], line 104: Unable to read in product version information; [HTTP 401] Client is not authenticated
Did anyone else experience this?
↧
Why does Splunk DB Connect fail to start after upgrading to 3.1.0?
I've just upgraded Splunk DB Connect to 3.1.0 from 3.0.6 and I get the "DBX Server is not available, please make sure it is started and listening on 1025 port or consult documentation for details" error. (I set the port to 1025 from the default as part of trying to troubleshoot, but it did not work with the original port 9998 either.
In splunkd.log I see this:
07-01-2017 14:29:54.225 +0400 ERROR ExecProcessor - message from ""C:\Program Files\Splunk\etc\apps\splunk_app_db_connect\windows_x86_64\bin\server.exe"" action=task_server_start_failed error=javax.servlet.ServletException: io.dropwizard.jersey.setup.JerseyServletContainer-4ee5d723@fb567993==io.dropwizard.jersey.setup.JerseyServletContainer,1,false stack=org.eclipse.jetty.servlet.ServletHolder.initServlet(ServletHolder.java:661)\\org.eclipse.jetty.servlet.ServletHolder.initialize(ServletHolder.java:419)\\org.eclipse.jetty.servlet.ServletHandler.initialize(ServletHandler.java:875)\\org.eclipse.jetty.servlet.ServletContextHandler.startContext(ServletContextHandler.java:349)\\org.eclipse.jetty.server.handler.ContextHandler.doStart(ContextHandler.java:772)\\org.eclipse.jetty.servlet.ServletContextHandler.doStart(ServletContextHandler.java:262)\\org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:68)\\org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:132)\\org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:106)\\org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:61)\\com.codahale.metrics.jetty9.InstrumentedHandler.doStart(InstrumentedHandler.java:103)\\org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:68)\\org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:132)\\org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:114)\\org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:61)\\org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:68)\\org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:132)\\org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:106)\\org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:61)\\org.eclipse.jetty.server.handler.gzip.GzipHandler.doStart(GzipHandler.java:231)\\org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:68)\\org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:132)\\org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:106)\\org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:61)\\org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:68)\\org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:132)\\org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:106)\\org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:61)\\org.eclipse.jetty.server.handler.StatisticsHandler.doStart(StatisticsHandler.java:252)\\org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:68)\\org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:132)\\org.eclipse.jetty.server.Server.start(Server.java:411)\\org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:106)\\org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:61)\\org.eclipse.jetty.server.Server.doStart(Server.java:378)\\org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:68)\\io.dropwizard.cli.ServerCommand.run(ServerCommand.java:53)\\io.dropwizard.cli.EnvironmentCommand.run(EnvironmentCommand.java:44)\\io.dropwizard.cli.ConfiguredCommand.run(ConfiguredCommand.java:85)\\io.dropwizard.cli.Cli.run(Cli.java:75)\\io.dropwizard.Application.run(Application.java:79)\\com.splunk.dbx.server.bootstrap.TaskServerStart.startTaskServer(TaskServerStart.java:97)\\com.splunk.dbx.server.bootstrap.TaskServerStart.streamEvents(TaskServerStart.java:59)\\com.splunk.modularinput.Script.run(Script.java:66)\\com.splunk.modularinput.Script.run(Script.java:44)\\com.splunk.dbx.server.bootstrap.TaskServerStart.main(TaskServerStart.java:108)\\
In splunk_app_dbconnect_dbx.log I get these
after installing 3.1.0:
2017-07-01T09:23:33+0400 [ERROR] [admin.py], line 421: Failed to fetch DMC settings to verify status
2017-07-01T09:23:33+0400 [ERROR] [admin.py], line 422: [HTTP 404] https://127.0.0.1:8089/services/dmc-conf/settings/settings; [{'code': None, 'type': 'ERROR', 'text': 'Not Found'}]
Traceback (most recent call last):
File "C:\Program Files\Splunk\Python-2.7\Lib\site-packages\splunk\appserver\mrsparkle\controllers\admin.py", line 418, in _is_DMCDisabled
dmc_settings = en.getEntity(DMC_SETTINGS['url'], 'settings')
File "C:\Program Files\Splunk\Python-2.7\Lib\site-packages\splunk\entity.py", line 249, in getEntity
serverResponse, serverContent = rest.simpleRequest(uri, getargs=kwargs, sessionKey=sessionKey, raiseAllErrors=True)
File "C:\Program Files\Splunk\Python-2.7\Lib\site-packages\splunk\rest\__init__.py", line 550, in simpleRequest
raise splunk.ResourceNotFound(uri, extendedMessages=extractMessages(body))
ResourceNotFound: [HTTP 404] https://127.0.0.1:8089/services/dmc-conf/settings/settings; [{'code': None, 'type': 'ERROR', 'text': 'Not Found'}]
after a restart:
2017-07-01T12:36:56+0400 [ERROR] [root.py], line 663: DJANGO: There was an error starting:
2017-07-01T12:36:56+0400 [ERROR] [root.py], line 664: The SECRET_KEY setting must not be empty.
Traceback (most recent call last):
File "C:\Program Files\Splunk\Python-2.7\Lib\site-packages\splunk\appserver\mrsparkle\root.py", line 661, in run
configure_django(global_cfg)
File "C:\Program Files\Splunk\Python-2.7\Lib\site-packages\splunk\appserver\mrsparkle\root.py", line 738, in configure_django
if should_start_django() or FORCE_ENABLE_DJANGO:
File "C:\Program Files\Splunk\Python-2.7\Lib\site-packages\splunk\appserver\mrsparkle\root.py", line 771, in should_start_django
return len(settings.DISCOVERED_APPS) > 0 and not isLite()
File "C:\Program Files\Splunk\Python-2.7\Lib\site-packages\django\conf\__init__.py", line 53, in __getattr__
self._setup(name)
File "C:\Program Files\Splunk\Python-2.7\Lib\site-packages\django\conf\__init__.py", line 48, in _setup
self._wrapped = Settings(settings_module)
File "C:\Program Files\Splunk\Python-2.7\Lib\site-packages\django\conf\__init__.py", line 152, in __init__
raise ImproperlyConfigured("The SECRET_KEY setting must not be empty.")
ImproperlyConfigured: The SECRET_KEY setting must not be empty.
2017-07-01T12:36:56+0400 [INFO] [root.py], line 130: ENGINE: Bus STARTING
2017-07-01T12:36:56+0400 [INFO] [root.py], line 130: ENGINE: Set handler for console events.
2017-07-01T12:36:56+0400 [INFO] [root.py], line 130: ENGINE: Started monitor thread '_TimeoutMonitor'.
2017-07-01T12:36:56+0400 [INFO] [root.py], line 130: ENGINE: Serving on 127.0.0.1:8065
2017-07-01T12:36:56+0400 [INFO] [root.py], line 130: ENGINE: Bus STARTED
2017-07-01T12:36:57+0400 [INFO] [root.py], line 130: ENGINE: Started monitor thread 'Monitor'.
2017-07-01T12:36:57+0400 [INFO] [customlogmanager.py], line 63 : 127.0.0.1 - - [01/Jul/2017:12:36:57.298 +0400] "HEAD /favicon.ico HTTP/1.1" 303 124 "" "Splunk/6.6.0 (Windows Server 8.1 Standard Edition; arch=x64)" - 59575f294c40e8e6a6d8 16ms
2017-07-01T12:37:07+0400 [ERROR] [startup.py], line 104: Unable to read in product version information; [HTTP 401] Client is not authenticated
2017-07-01T12:37:07+0400 [INFO] [root.py], line 130: ENGINE: Started monitor thread 'Monitor'.
2017-07-01T12:37:07+0400 [ERROR] [config.py], line 138: [HTTP 401] Client is not authenticated
Traceback (most recent call last):
File "C:\Program Files\Splunk\Python-2.7\Lib\site-packages\splunk\appserver\mrsparkle\lib\config.py", line 136, in getServerZoneInfo
return times.getServerZoneinfo()
File "C:\Program Files\Splunk\Python-2.7\Lib\site-packages\splunk\appserver\mrsparkle\lib\times.py", line 158, in getServerZoneinfo
serverStatus, serverResp = splunk.rest.simpleRequest('/search/timeparser/tz')
File "C:\Program Files\Splunk\Python-2.7\Lib\site-packages\splunk\rest\__init__.py", line 530, in simpleRequest
raise splunk.AuthenticationFailed
AuthenticationFailed: [HTTP 401] Client is not authenticated
2017-07-01T12:37:07+0400 [INFO] [customlogmanager.py], line 63 : 127.0.0.1 - admin [01/Jul/2017:12:37:07.047 +0400] "GET /en-US/config?autoload=1 HTTP/1.1" 200 752 "http://10.6.1.114:8000/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_5) AppleWebKit/603.2.4 (KHTML, like Gecko) Version/10.1.1 Safari/603.2.4" - 59575f330c40e8e6ab70 40ms
2017-07-01T12:37:07+0400 [ERROR] [startup.py], line 104: Unable to read in product version information; [HTTP 401] Client is not authenticated
2017-07-01T12:37:07+0400 [INFO] [customlogmanager.py], line 63 : 127.0.0.1 - admin [01/Jul/2017:12:37:07.318 +0400] "GET /en-US/config?autoload=1 HTTP/1.1" 200 752 "http://10.6.1.114:8000/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_5) AppleWebKit/603.2.4 (KHTML, like Gecko) Version/10.1.1 Safari/603.2.4" - 59575f335140e8e7a6a0 13ms
2017-07-01T12:37:10+0400 [ERROR] [startup.py], line 104: Unable to read in product version information; [HTTP 401] Client is not authenticated
Did anyone else experience this?
↧
↧
In Splunk 6.6, why has the "Schedule Window" setting for alert become non-intuitive for users?
After upgrading from 6.5 to 6.6, the "Schedule Window" parameter in Splunk Web was moved from being right below the cron schedule box to being hidden away under the settings --> alert and reporting --> edit --> advanced edit --> bottom of a long list of weird parameters.
This is entirely non-intuitive for our basic users, is there anyway to get it back to where it used to be?
↧
How to upgrade splunk add on for aws from 1.1.0 to 4.2.3?
Currently i have splunk add on for aws ibn 1.10v, How to upgrade this to 4.2.3?
↧
Can i upgrade distribuited search head 6.5.1 to 6.6.2 version without any conflict ?????
I have a distribuited search head , 1 indexer(search peer) and a bunch of uf configured (splunk indexer and search head is of 6.5.2 version ) .
↧
Can we upgrade the Splunk version through Splunk Web?
Is there a way to upgrade the Splunk version through Splunk UI (Splunk Web)? ...i.e from the search head as we upgrade and install the apps..
↧
↧
Upgrading Universal Forwarder from 5.0.2 to 6.5.4
Hello Splunk Experts,
Recently, I've been tasked to upgrade a distributed Splunk environment with the condition as follows:
- Search Head & Indexer version: 6.1.3
- Universal Forwarder version: 5.0.2
There are 2 things in which I need confirmation of:
1. Is it possible to perform upgrade directly from 5.0.2 to 6.5.4 for UF?
2. Could I upgrade UF first before upgrading SH and then IDX?
Thank you and please advise.
↧
upgrade AppDynamics from 3.6 to 4.2.5
Hello All,
I'm in the process of upgrading our on-premises Splunk Deployment Server, and I need to upgrade our AppDynamics app from 3.6 to 4.2.5.
I have tried using the point-and-click method in the web gui of our server. But while the process completes without error, the app version remains 3.6. Guessing I need to either manually upgrade directly to 4.6 or step up from 3.6 to 4.x and then to 4.2.5
Can anyone provide some clarification on this or point me to documentation? It would be greatly appreciated.
Thanks in advance to anyone that can help.
Regards,
Chris
↧
what are these errors mean in XtremIO?
Hi,
when troubleshooting, these errors appeared
index=_internal component="ExecProcessor" "EMC Isilon Error:"
07-24-2017 17:04:53.867 +0000 ERROR ExecProcessor - message from "python /opt/splunk/splunk/etc/apps/TA_EMC-Isilon/bin/isilon.py" EMC Isilon Error: HTTP Request error: 403 Client Error: Forbidden for endpoint https:///platform/1/zones
07-24-2017 17:04:44.418 +0000 ERROR ExecProcessor - message from "python /opt/splunk/splunk/etc/apps/TA_EMC-Isilon/bin/isilon.py" EMC Isilon Error: Looks like an error while getting list of Active directory domains coercing to Unicode: need string or buffer, NoneType found : https:///platform/1/auth/providers/ads/$get_ad_domains$/search?search_users=true
these two errors occurring, can anyone help on this?
Thanks.
↧
Batch Adding Splunk Indexers
Hello All
While upgrading to version 6.6.2 (Indexer Cluster), i noticed that there is a new Status showing like "BatchAdding".
Though this is not much impacting anything, the splunk upgrade was successful.
Any idea what this means ?
![alt text][1]
[1]: /storage/temp/207031-capture.jpg
↧
↧
Why do I have this error message when I try to upgrade Splunk?
Just a half hour ago I'd upgrade my Splunk Enterprise from 6.6.2 to 6.6.3.
This Splunk install at my laptop (win 10 x64) as a testing work space.
I only ran an installing package of 6.6.3 which have no any actions except "next".
Upgrade was successful and all things work right, except access to app store, which told me this error:
*Error connecting: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed. Your Splunk instance is specifying custom CAs to trust using sslRootCAPath configuration in server.conf's [sslConfig] stanza. Make sure the CAs in the appsCA.pem (located under $SPLUNK_HOME/etc/auth/appsCA.pem) are included in the CAs specified by sslRootCAPath. To do this, append appsCA.pem to the file specified by the sslRootCAPath parameter.*
We haven't any CA's at our network, it's fully transparent.
What actions should I take to restore health and prevent a repeat of this in the future?
Expert for your help.
Thanks.
↧
Getting error messages after Splunk Enterprise Security upgrade from 4.5.2 to 4.7.1
Hi,
We have upgraded Enterprise Security from 4.5.2. to 4.7.1. After the upgrade we are getting two types of error message in our environment.
Type 1:
msg="A script exited abnormally" input="/opt/splunk/etc/apps/SA-Utils/bin/configuration_check.py" stanza="configuration_check://confcheck_es_app_version" status="exited with code 3"
Type 2:
A threat intelligence download has failed. stanza="iblocklist_spyware" host="xxxxx" status="threat list download failed after multiple retries"
A threat intelligence download has failed. stanza="iblocklist_proxy" host="xxxxx" status="threat list download failed after multiple retries"
A threat intelligence download has failed. stanza="iblocklist_tor" host="xxxxx" status="threat list download failed after multiple retries"
A threat intelligence download has failed. stanza="iblocklist_piratebay" host="xxxxx" status="threat list download failed after multiple retries"
A threat intelligence download has failed. stanza="iblocklist_web_attacker" host="xxxxx" status="threat list download failed after multiple retries"
A threat intelligence download has failed. stanza="iblocklist_rapidshare" host="xxxxx" status="threat list download failed after multiple retries"
A threat intelligence download has failed. stanza="iblocklist_logmein" host="xxxxx" status="threat list download failed after multiple retries"
Could you please suggest on this?
↧
Splunk DB Connect 2: Compatibility with MS SQL JDBC 4.2
In the documentation for Splunk DB Connect v2.4.0, the **only** MS SQL JDBC driver mentioned seems to be the older 4.0 version: **sqljdbc4.jar**. In the documentation for Splunk DB Connect v3.1.0 the *recommended* MS SQL JDBC driver is version 4.2: **sqljdbc42.jar**.
http://docs.splunk.com/Documentation/DBX/2.4.0/DeployDBX/Supporteddatabases
http://docs.splunk.com/Documentation/DBX/3.1.0/DeployDBX/Installdatabasedrivers
**Does anyone know if the more recent JDBC 4.2 driver works correctly with DB Connect 2.4.0?**
I also notice that Microsoft don't seem to support JDBC 4.0 with JRE 1.8:
https://docs.microsoft.com/en-us/sql/connect/jdbc/system-requirements-for-the-jdbc-driver
----
Motivation: The migration process from 2.4.0 to 3.1.0 simply keeps the same driver, moving it to a new location it seems. This is understandable. I'd like to upgrade the JDBC drivers first, maybe *X* weeks before migrating the whole app so I don't have to include that in the migration (or back-track if something goes wrong).
↧