Re: Why can't I see most of the dashboards after m...

christopherr_sp · ‎11-20-2018

Splunk Enterprise is migrated from 6.5.3 to 7.1.2 and also Splunk Enterprise Security App
has been upgraded from 4.7.1 to 5.1.1.

After the upgrade, most of the navigational dashboards are not visible anymore.

For example, inside Enterprise Security under Security Intelligence, you will see “Risk Analysis”,
“Protocol Intelligence”, “Threat Intelligence”, “User Intelligence” and “Web Intelligence”.

Now, after upgrade to 5.1.1, inside Enterprise Security Under Security Intelligence I can only see
“Risk Analysis”. I can only see that for Security Domains as well. “Identity” are not visible anymore.

christopherr_sp · ‎11-20-2018

Support logged a Bug with Development and it was confirmed as a Bug. After Splunk 4.7.x
SA (Security Add on)/DA (Domain Add on) apps were disabled before the post-installation setup.

During the 5.1.1 upgrade SAs were re-enabled, but DAs were not.

SOLNESS-17018 Navigation: Splunk ES 5.1.1 not showing most of the dashboards after migration from 4.7.1

The solution is to re-enable all DAs (Domain Add ons).

To re-enable apps click "Manage Apps" from the app dropdown on the navigation bar in ES or
navigate to https://examplehost.splunk.com:8000/en-US/manager/SplunkEnterpriseSecuritySuite/apps/local

(Replace: examplehost.splunk.com with the name of your host).

Why can't I see most of the dashboards after migration from ES 4.7.1 to Splunk Enterprise Security 5.1.1?

More Ways To Control Your Costs With Archived Metrics | Register for Tech Talk

.conf24 | Personalize your .conf experience with Learning Paths!

Threat Hunting Unlocked: How to Uplevel Your Threat Hunting With the PEAK Framework ...