- Splunk Answers
- :
- Splunk Premium Solutions
- :
- Security Premium Solutions
- :
- Splunk Enterprise Security
- :
- Need assistance with ES error after upgrade from 5...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I did upgraded my SPLUNK ES v5.2.2 to 5.3.
none of the configure options are not working. Options like ES permissions and Identity management and Identity lookup's etc..
I did the backup before the upgrade and after, I found the problem in ES 5.3. So, that I kept all my old file back i.e, 5.2.2 and working fine.
Could anyone help with why none of the options under configure drop down are not working and throwing an 404 error and [object OBJECT] error even though I have all ESS_ADMIN rights and full permissions to whole SPLUNK directory.
Thanks in Advance and any help would be appreciated.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
We had simular issue, lots of objects were unaccessible, Splunk was constantly crashing... But we managed to resolve it.
It seems that it was connected to the issue SOLNESS-1877. We had to replace log.py in:
$SPLUNK_HOME\etc\apps\SA-Utils\lib\SolnCommon\log.py $SPLUNK_HOME\etc\apps\SplunkEnterpriseSecuritySuite\lib\SplunkEnterpriseSecuritySuite\log.py
For replacement we used log.py file from Enterprise Security release 5.2.2.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
We had simular issue, lots of objects were unaccessible, Splunk was constantly crashing... But we managed to resolve it.
It seems that it was connected to the issue SOLNESS-1877. We had to replace log.py in:
$SPLUNK_HOME\etc\apps\SA-Utils\lib\SolnCommon\log.py $SPLUNK_HOME\etc\apps\SplunkEnterpriseSecuritySuite\lib\SplunkEnterpriseSecuritySuite\log.py
For replacement we used log.py file from Enterprise Security release 5.2.2.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Yes, I did raised a ticket with splunk team. They sent me the file and I replaced with new log.py and working fine now.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
this sounds like a permission problem. Did you check them? Maybe do a chown -R on the splunk directory again.
Skalli
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello,
I am using splunk on Windows.
Yes I did checked for all permissions and I gave all permissions for everyone for the whole splunk directory in C drive.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I just heard that there are problems with 5.3.
You may want to file a support case. Perhaps either a fix is coming soon or you need to do a downgrade.
Skalli
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Yes Skalliger, As i mentioned in the post I did downgraded to ES 5.2.2 again.
I raised a case with splunk a week back. Still, they are working on that and issue didn't resolved.
Thanks for your support 🙂
Threat Hunting Unlocked: How to Uplevel Your Threat Hunting With the PEAK Framework ...
Splunk APM: New Product Features + Community Office Hours Recap!
Index This | Forward, I’m heavy; backward, I’m not. What am I?
