S.o.S and Sideview Utils Upgrade

OldManEd · ‎12-27-2013

We just upgraded to Splunk 5.0.5 and noticed that the indexers were periodically missing data. One of the first things I wanted to look at was our installed S.o.S app. When I brought it up and launched "Data Inputs Overview", I got a "Error in 'rex' command. Failed to initialize sed. Invalid option string: /g" message and nothing showing up in the graphs.

When I looked at splunk>Manager >> Apps, I saw the following;

Sideview Utils             1.2.5 | Upgrade to 1.3.5
S.o.S: Splunk on Splunk    2.3.0 | Upgrade to 3.1.0

From what I read, it was suggested that these 2 apps be upgraded together. So my questions are;

1. Does anyone know if the upgrade will address the "Error in 'rex' command." error?
2. Is there any risk to running the upgrade.  (I really don't want to have any failure issues at this time of year.)

Thanks.

hexx · ‎01-02-2014

A bug against the "rex" command error in the Data Input Overview view exists (SUP-770) and has been resolved in S.o.S 3.1.

sideview · ‎01-01-2014

I can't speak to the SoS upgrade but you can upgrade Sideview Utils to 1.3.5 or even to the current release (3.0) and SoS will continue to work fine. Of course the Utils upgrade specifically is unlikely to affect the error you're seeing. However those versions are both quite old so I would upgrade both apps. SoS and Sideview Utils are both widely deployed and well maintained so you're unlikely to make matters worse.

S.o.S and Sideview Utils Upgrade

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

They're back! Join the SplunkTrust and MVP at .conf24

Enterprise Security Content Update (ESCU) | New Releases