Getting "Invalid key in stanza" error after upgrading Splunk forwarder to 6.4.1
Hi, I have upgraded a Splunk forwarder to 6.4.1 and after the upgrade, when I run `/splunkforwarder/bin/splunk btool check` command, I get lots of invalid key in stanza errors in savedsearches.conf...
View ArticleUpgrading Splunk from 6.4.0 to 6.4.1, getting error "failed to remove...
Fresh install and cluster build of 6.4.0 Downloaded 6.4.1 and did `rpm -Uvh` and got a not so comforting response: ### [root@splunkindex14 ~]# rpm -Uvh splunk-6.4.1-debde650d26e-linux-2.6-x86_64.rpm...
View ArticleIn what order do we upgrade Splunk servers in our clustered environment from...
Hi, We are upgrading all of our Splunk components from Splunk 6.3.0 to 6.4.1. Following are the servers in the clustered environment. a) License server b) Deployment server c) Cluster Master d) Search...
View ArticleCan the SCCM App for Splunk be upgraded to add more functionality and support...
Hi, Thanks for the great SCCM App for Spluink. As we can see, this is a very popular app on Splunkbase. Can this app be upgraded to add more functionality and support for the Splunk DB Connect 2 app?...
View ArticleHow to migrate data from a 6.2.0 Splunk instance to a new instance on 6.4.1?
Hi guys, I have to migrate the data from a Splunk instance (Version 6.2.0) to an another one (Version 6.4.1). Thus, I was wondering if I had to upgrade the old Splunk instance first and then migrate it...
View Articleupgrade from universal forwarder 6.3.0 to 6.4.0 issue
i have upgraded all of our universal forwarders from 6.3.0 to 6.4.0 and roughly a third is showing as "missing" when looking at the forwarder version in the distributed management console. is there...
View ArticleUpgrade of openssl due to MitM potential
I have received a vulnerability report indicating a MitM exploit was successful against ports 8000, 8089 and 9997 on our Splunk servers and some (probably all) forwarders. The resolution is to update...
View ArticleTrying to upgrade our forwarder, why are we getting error "OpenSSL:...
Hello Team, We tried to upgrade our Splunk Forwarder on Uslv-dapp-mon07 and mon08, but getting the error below for both Servers. Can you please help us? Attached Screenshot.
View ArticleAfter upgrading Splunk from 6.2 to 6.3.1, why am I getting no results...
Hi Team, I have upgraded Splunk from 6.2 to 6.3.1 version. I restored backup, but still I am not getting any output for searches for any of the indexes. Thanks
View ArticleWill cloning our production search head for a test environment affect our...
Hello Team, I am upgrading my Splunk environment from Splunk 6.2 to 6.4. Before doing this on our production environment, we want to test it on a clone environment, so we will be cloning the search...
View ArticleAfter upgrading Splunk from 6.3.0 to 6.4.1, why am I getting error "Invalid...
Hi, I upgraded Splunk from 6.3.0 to 6.4.1. On restarting Splunk, I am getting below messages. Checking filesystem compatibility... Done **Checking conf files for problems... Invalid value in stanza...
View ArticleIs there a documented back out process when upgrading from 6.1.2 to 6.4.1?
I am looking to see if there is a documented back out process when upgrading from a 6.1.2 to a 6.4.1. What should I have backed up in case an issue arises?
View ArticleUpgraded heavy forwarder from 6.1.2 to 6.4.2 unable to access data inputs...
Upgraded heavy forwarder from 6.1.2 to 6.4.2 unable to access data inputs from web. From Splunk forwarder webpage >> Settings >> Data Inputs >> I get 500 error below (I removed the...
View ArticleUpgraded to 6.4.1 and patterns tab and download button are not appearing...
Hi, We just upgraded to 6.4.1 and some users are now stating that they are not seeing the "Patterns" tab after searches run, and the download icon is not appearing as well. The app version is 6.4.1....
View ArticleTrying to update the Splunk Add-on for Unix and Linux from 5.2.1 to 5.2.3, do...
I'm trying to update Splunk_TA_NIX from Version: 5.2.1 to version 5.2.3, but the admin/passwd doesn't seem to be working. The admin passwd has been changed since the app was originally installed and I...
View ArticleSplunk Upgrade from 6.3x to 6.4.2 and UI view conflicts
hi folks We are upgrading from Splunk 6.3x to 6.4.2 and got Warning in the migration log for DMC App "splunk_managment_console" has an overriding copy of the "reports.xml" , thus the new version may...
View ArticleTA-juniper "Bad regex value" error after upgrade from Splunk 6.2.6 to 6.3.5
Hello, After we upgraded Splunk to 6.3.5, our **TA-juniper** started producing a bad regex error: **btool.log** Bad regex value: '\s+([.-\w]+)\s+RT_FLOW', of param: transforms.conf / [dvc_for_junos_fw]...
View ArticleSplunk_TA_bluecoat-proxysg "Bad regex value" error after upgrade from Splunk...
Hello, After we upgraded Splunk to 6.3.5, our Splunk_TA_bluecoat-proxysg started producing a bad regex error: btool.log Bad regex value: '(?[^;]+)', of param: transforms.conf / [bluecoat_categories] /...
View ArticleAfter upgrading Splunk Enterprise to 6.4.2, why are we getting a certificate...
We've recently upgraded Splunk Enterprise to 6.4.2 and are getting an error while trying to upgrade the Splunk Add-on for Unix and Linux to version 5.2.3. splunkd.log shows: ERROR X509 - X509...
View ArticleWhy are some views in an app missing after upgrading Splunk from 5.0.5 to 6.2.5?
We have upgraded Splunk from version 5.0.5 to 6.2.5. After the upgrade, we noticed some of the dashboards in an app were missing. We are completely clueless about this. Any ideas ??
View Article