MS Azure Active Directory Reporting Add-on for Splunk: Why are there errors...
Hi, I have the following errors after upgrading to version 1.1. It's a bit strange as logs seem to be ingested. 2019-04-16 08:13:18,919 ERROR pid=2020 tid=MainThread file=splunk_rest_client.py:request:144...
Splunk upgrade: splunk_monitoring_console has overriding copies of...
Hello Splunkers, I just upgraded Splunk from 7.2.5.1 to 7.2.6 on CentOS 7. The migration process gave the following warning: Checking for possible UI view conflicts... App "splunk_monitoring_console"...
License issue regarding upgrading Splunk from 6.4 to 6.6.10
Hi, I am planning to upgrade Splunk from 6.4 to 6.6.10. However, I noticed that Splunk 6.5 has a new non-enforcement license. Will my setup still be able to work with the old license after the upgrade...
Site-by-site Upgrade by skipping some versions
Hello All, We have a clustered multi-site environment running Splunk 6.6 and we would like to upgrade it to 7.2. I see in the documentation that a site-by-site upgrade would be possible only in 3 steps...
Upgrade Highcharts version in Splunk
Hello, we are using Splunk Enterprise 7.2.3. As far as I know it uses Highcharts 4.0.4. My question is: is it possible to upgrade the Highcharts component in Splunk? And which Highcharts version is...
Need assistance with ES error after upgrade from 5.2.2 to 5.3
I upgraded my Splunk ES v5.2.2 to 5.3. None of the configure options are working. Options like ES permissions and Identity management and Identity lookups etc. I did the backup before the...
_txn_orphan field missing from transaction command after upgrade
Just upgraded SH from 7.0.2 to 7.2.5.1 (indexers still in progress) and some reports which rely on `_txn_orphan` broke. If I understand correctly, this should be returning the `_txn_orphan` field. `|...
Invalid template path Errors after upgrading to 7.2.6
Hi, I'm after to Splunk Enterprise 7.2.6 from 7.1. The install, on Windows via GUI, completed successfully. The migration logs show no error. However, when I log on to the Splunk Web UI and go to...
Is there a security reason to upgrade Splunk Universal Forwarder?
I subscribe to an RSS feed for Splunk CVEs and diligently keep my security team in the loop regarding Splunk vulnerabilities. Since I've taken over the Splunk administrator role at my company, I've...
Dashboard sent out two emails with PDFs attached
Hi All. We have an e-mail sent out every week with a dashboard PDF attached. But from last week, after upgrading Splunk to the latest version and fixing an issue with PDF email issue, we are receiving 2...
Incident Review and Investigations page errored out after ESS 5.3.0 upgrade
After upgrading 'Splunk Enterprise Security' from version 5.1.0 to 5.3.0, the 'Incident Review' and Investigations pages errored out with the below errors. 1. **Incident Review:** **URL:**...
RHEL 7: Failing upgrade from 7.2.2 to 7.2.5/6
I have a small full instance of Splunk used for testing. It's installed on RHEL 7 via tarball. I've followed the directions on the Splunk site about stopping Splunk services and then installing over...
What's the order of operations for upgrading Splunk Enterprise?
I'm planning an upgrade to the latest version of Splunk Enterprise. What is the high-level order of operations? Is there an intermediate step required if I'm on Splunk 6.5 or earlier? Where do...
Upgrade 5.2.2 to 5.3 - is the documentation wrong or is it me?
Hello, I'm using Splunk 7.2.6 and ES 5.2.2 (on a SHC) and I want to upgrade ES to 5.3 on this SHC environment. According to the install documentation, I did the following: - install ES 5.2.2 on Master...
Upgrading Splunk from 6.4 to 6.6.10: License issue
Hi, I am planning to upgrade Splunk from 6.4 to 6.6.10. However, I noticed that Splunk 6.5 has a new non-enforcement license. Will my setup still be able to work with the old license after the upgrade...
How to solve TailReader and buckets errors
Hi, we have upgraded to 7.2.6 and we are getting errors all the time now. Today we have used 3 GB of our licenses- so not much, however, I have issues below (Images). I have 3 questions: 1) We have a...
Splunk Add-on for Infoblox v.1.1.0: Field extractions break with 8.4.x release
Hi, After upgrading our Infoblox solution to release 8.4.x a new hexadecimal field is introduced in the DNS syslog messages. We were told by Infoblox support that there has been a change in behavior...
Large amount of buckets that need to be fixed after the upgrade?
After the upgrade to 7.1.7 last night, we had 44K buckets under **Fixup Tasks – Pending**, and that was seven hours after the upgrade. What caused so many buckets to be in the fixed category?
Is it possible during an upgrade to postpone the replication by a day or so?
During the upgrade to 7.1.7 we had a couple of challenges and some are mentioned at [Large amount of buckets that need to be fixed after the upgrade?][1] [1]:...
How to disable Splunk app using deployment server
Hi all, I have deployed an app using a deployment server in Splunk. Suppose I got a new update for that app and I need to upgrade it. I have below search: 1. Since I am using deployment server to push...