https://community.splunk.com/t5/Splunk-Enterprise-Security/Splunk-Enterprise-Security-6-2-0-Upgrade-Failure/m-p/533603#M9565 <P>The only thing I found worked was to perform the following steps:</P><P class="lia-indent-padding-left-30px">1. Change directories to: /opt/splunk/etc/apps/SplunkEnterpriseSecuritySuite/install</P><P class="lia-indent-padding-left-30px">2.&nbsp; Execute the following command: for i in *.spl; do /opt/splunk/bin/splunk install app $i; done</P><P class="lia-indent-padding-left-30px">3. Change is_configured = 0 to is_configured = 1 in /opt/etc/apps/SplunkEnterpriseSecuritySuite/local/app.conf</P><P class="lia-indent-padding-left-30px">3. Restart Splunk services</P><P>NOTE: Also works on 6.4.0</P> Fri, 18 Dec 2020 18:32:59 GMT jbburkes 2020-12-18T18:32:59Z https://community.splunk.com/t5/Splunk-Enterprise-Security/Splunk-Enterprise-Security-6-2-0-Upgrade-Failure/m-p/509518#M9015 <P>Recently upgraded Splunk Enterprise Security from 6.1.1 to 6.2.0, install went fine, however clicking on Setup gives me the following error, this happens for both my personal account and the embedded administrator account:</P><P class="lia-indent-padding-left-30px">Error: You do not have the permissions to view this page.</P><P><SPAN>Executed the following Search: "| essinstall --dry-run gives the following error:"</SPAN></P><P class="lia-indent-padding-left-30px"><SPAN>Error in 'essinstall' command: (Exception) Missing the capabilities to use essinstall command</SPAN></P><P><SPAN>If I investigate the Job Inspector/Search.log I find the following error:</SPAN></P><P class="lia-indent-padding-left-30px"><SPAN>Traceback (most recent call last):</SPAN></P><P class="lia-indent-padding-left-60px"><SPAN>File "/opt/splunk/etc/apps/SplunkEnterpriseSecuritySuite/bin/essinstall.py" line 385 in run while self._handle_chunk()</SPAN></P><P>Logged into the Splunk server SSH/CLI itself and ran the command manually ("/opt/splunk/bin/splunk cmd python3 /opt/splunk/etc/apps/SplunkEnterpriseSecurity/bin/essinstall.py" as the splunk user and get the following error:</P><P class="lia-indent-padding-left-30px"><SPAN>Traceback (most recent call last):</SPAN></P><P class="lia-indent-padding-left-60px"><SPAN>File "/opt/splunk/etc/apps/SplunkEnterpriseSecuritySuite/bin/essinstall.py" line 14, in &lt;module&gt; import splunk.rest as rest</SPAN></P><P class="lia-indent-padding-left-30px"><SPAN>There is more to the error than the above, but figure I need to solve that issue first before worrying about the rest. Seems it cannot import splunk.rest?</SPAN></P><P>Verified both the Splunk server is configured for python3 (not enforce) in local/server.conf as well as Splunk Enterprise Security which by default is python3 in inputs.conf, I don't have a custom inputs.conf in local for Splunk Enterprise Security</P> Thu, 16 Jul 2020 13:32:21 GMT https://community.splunk.com/t5/Splunk-Enterprise-Security/Splunk-Enterprise-Security-6-2-0-Upgrade-Failure/m-p/509518#M9015 jbburkes 2020-07-16T13:32:21Z https://community.splunk.com/t5/Splunk-Enterprise-Security/Splunk-Enterprise-Security-6-2-0-Upgrade-Failure/m-p/518410#M9238 <P>Grant the current user to inherit the&nbsp;<STRONG>ess_admin</STRONG> role.</P> Tue, 08 Sep 2020 10:46:25 GMT https://community.splunk.com/t5/Splunk-Enterprise-Security/Splunk-Enterprise-Security-6-2-0-Upgrade-Failure/m-p/518410#M9238 rivaanbechan 2020-09-08T10:46:25Z https://community.splunk.com/t5/Splunk-Enterprise-Security/Splunk-Enterprise-Security-6-2-0-Upgrade-Failure/m-p/525900#M9398 Yes, it did help. Wed, 21 Oct 2020 20:12:33 GMT https://community.splunk.com/t5/Splunk-Enterprise-Security/Splunk-Enterprise-Security-6-2-0-Upgrade-Failure/m-p/525900#M9398 tomasmoser 2020-10-21T20:12:33Z https://community.splunk.com/t5/Splunk-Enterprise-Security/Splunk-Enterprise-Security-6-2-0-Upgrade-Failure/m-p/527985#M9438 <P>Sorry just getting back to this, user already has essadmin. Still the same error. Thanks.</P> Wed, 04 Nov 2020 18:07:08 GMT https://community.splunk.com/t5/Splunk-Enterprise-Security/Splunk-Enterprise-Security-6-2-0-Upgrade-Failure/m-p/527985#M9438 jbburkes 2020-11-04T18:07:08Z https://community.splunk.com/t5/Splunk-Enterprise-Security/Splunk-Enterprise-Security-6-2-0-Upgrade-Failure/m-p/528007#M9439 <P>Should also add that if I "upgrade" back to 6.1.1, no issues.&nbsp; Only when I install 6.2.0 do I have issues.</P> Wed, 04 Nov 2020 19:17:39 GMT https://community.splunk.com/t5/Splunk-Enterprise-Security/Splunk-Enterprise-Security-6-2-0-Upgrade-Failure/m-p/528007#M9439 jbburkes 2020-11-04T19:17:39Z https://community.splunk.com/t5/Splunk-Enterprise-Security/Splunk-Enterprise-Security-6-2-0-Upgrade-Failure/m-p/533603#M9565 <P>The only thing I found worked was to perform the following steps:</P><P class="lia-indent-padding-left-30px">1. Change directories to: /opt/splunk/etc/apps/SplunkEnterpriseSecuritySuite/install</P><P class="lia-indent-padding-left-30px">2.&nbsp; Execute the following command: for i in *.spl; do /opt/splunk/bin/splunk install app $i; done</P><P class="lia-indent-padding-left-30px">3. Change is_configured = 0 to is_configured = 1 in /opt/etc/apps/SplunkEnterpriseSecuritySuite/local/app.conf</P><P class="lia-indent-padding-left-30px">3. Restart Splunk services</P><P>NOTE: Also works on 6.4.0</P> Fri, 18 Dec 2020 18:32:59 GMT https://community.splunk.com/t5/Splunk-Enterprise-Security/Splunk-Enterprise-Security-6-2-0-Upgrade-Failure/m-p/533603#M9565 jbburkes 2020-12-18T18:32:59Z