Dashboards won't load after upgrade to Splunk 6

adepue
Explorer

After upgrading from Splunk 5.0.5 to Splunk 6 (all on Ubuntu 12.04), dashboards do not load at all. I am also unable to create new dashboards and have them function (even after following the new dashboard tutorial video entirely).

All Dashboard panels report "Could not create search." instead of results.
When editing the dashboard, and opting to open the dashboard in the search app, the search itself will load entirely fine.

Some basic debugging shows that the dashboard page attempts to make a call to a URL in the format of:
/en-US/splunkd/__raw/search/search/jobs?output_mode=json

and that URL just results in a 404.

The duplicated /search/search/ is concerning (but possibly a red herring). Removing one of the search words yields an actual JSON response... although it's hard to tell if it is correct.

Any thoughts on what might be going on?

1 Solution

adepue
Explorer

We figured out this is a bug in Splunk 6, and it has been reported to the dev team:

To repro:

  1. Change your username to an email address format.
  2. Create a dashboard with an inline search.

i.e. for inlined saved queries, the URL generated by the Splunk SearchManager tries to make this URL request internally:

https://localhost:8089/servicesNS/USER@foocorp.com/search/search/jobs?output_mode=json

Splunk's UI tries to extract the hostname from the URL, but the '@' sign in the email address causes problems and truncates the URL to "/search/search/jobs?output_mode=json". The function that does the truncation is the parseUri() function in the makeRequest() call.

  makeRequest: function(url, message, callback) {
      // Add our original destination to headers,
      // as some proxy implementations would rather
      // use this.
      message.headers["X-ProxyDestination"] = url;

      // Need to remove the hostname from the URL
      var parsed = parseUri(url);
      var prefixToRemove = "" + (parsed.protocol ? parsed.protocol : "") + "://" + parsed.authority;
      url = url.replace(new RegExp(escape(prefixToRemove), "i"), "");

Normally, Splunk inline XML queries default to the original username, so the solution was to URL encode this info:

  createService: function(options) {
      options = options || {};
      var http = options.http || new sdk.ProxyHttp(config.PROXY_PATH);
      options.version = options.version || "5.0";
      options.app = options.app || utils.getPageInfo().app || "-";
      // Original line, replaced by the URL-encoded form below:
      // options.owner = options.owner || splunkConfig.USERNAME;
      // Encode the default owner so an '@' in the username survives parseUri().
      options.owner = options.owner || encodeURIComponent(splunkConfig.USERNAME);

      return new sdk.Service(http, options);
  },

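The truncation described in the post above, reproduced as an added example (not part of the original post and not Splunk's code). LOOSE is a simplified stand-in for a loose parseUri-style regex, and authorityOf, stripPrefix and jobsUrl are hypothetical helper names; the sample URL is the one quoted in the post. It shows the '@' in the owner segment being read as the userinfo separator, and the prefix being stripped correctly once the owner is percent-encoded or the parser ends userinfo at the first '/'.

```javascript
// Simplified stand-in for a loose parseUri-style splitter (assumption, not
// Splunk's source). The userinfo class [^@?#]* also matches '/', so an '@'
// anywhere in the path is taken as the userinfo/host separator.
const LOOSE = /^(?:([^:\/?#]+):)?\/\/((?:[^@?#]*@)?[^:\/?#]*(?::\d*)?)/;
// Stricter variant: userinfo cannot cross a '/', as in RFC 3986.
const STRICT = /^(?:([^:\/?#]+):)?\/\/((?:[^@\/?#]*@)?[^:\/?#]*(?::\d*)?)/;

// Return what the given pattern believes the authority component is.
function authorityOf(url, pattern) {
  const m = pattern.exec(url);
  return m ? m[2] : "";
}

// Same idea as the makeRequest excerpt: drop "protocol://authority".
function stripPrefix(url, pattern) {
  const m = pattern.exec(url);
  return m ? url.slice(m[0].length) : url;
}

// Build the servicesNS jobs URL with owner and app encoded as path segments.
function jobsUrl(base, owner, app) {
  return base + "/servicesNS/" + encodeURIComponent(owner) + "/" +
    encodeURIComponent(app) + "/search/jobs?output_mode=json";
}

// Sample values constructed from the URL quoted in the post.
const BASE = "https://localhost:8089";
const rawUrl = BASE + "/servicesNS/USER@foocorp.com/search/search/jobs?output_mode=json";
const encodedUrl = jobsUrl(BASE, "USER@foocorp.com", "search");

// Loose parser, raw owner: authority swallows part of the path.
console.log("loose authority  :", authorityOf(rawUrl, LOOSE));
console.log("loose, raw owner :", stripPrefix(rawUrl, LOOSE));
// Loose parser, encoded owner: no literal '@', so only host:port is removed.
console.log("loose, encoded   :", stripPrefix(encodedUrl, LOOSE));
// Strict parser and the WHATWG URL parser agree on the real host.
console.log("strict, raw owner:", stripPrefix(rawUrl, STRICT));
console.log("WHATWG host      :", new URL(rawUrl).host);
```

Encoding the owner works around the loose parser; ending userinfo at the first '/' fixes the parser itself, which also protects any other path segment that may contain '@'.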

adepue
Explorer

The Splunk 6.0.1 release addresses this issue and fixes it.

0 Karma

jgauthier
Contributor

I am experiencing this exact issue. Did you get any feedback from the development team, and/or did you discover a work around?

0 Karma

abhayneilam
Contributor

But one thing: what will happen if I have username="xxx@yyy.com", meaning "@" is present? At that time, how will I be able to see my results?

0 Karma

abhayneilam
Contributor

This is awesome, I just love it, thanks a lot!!

0 Karma