After installing the S.O.S app, I receive an error that states "ERROR: This app requires at least version 1.1.7 of the Sideview Utils app to be installed on the system. You currently have this app installed but your version is 1.1.5. Please download a newer version from Splunkbase. If you are running Splunk 4.2 and above, you can update the app directly from the app management page."
I have confirmed Sideview Utils 1.3.5 is installed and works as expected. I have restarted splunkd and splunkweb several times. Reading posts at answers.splunk.com, this issue seems to happen if the Sideview Utils app.conf file has been updated to hide the app (isVisable = 0), but the app is unchanged and visible in my environment.
This happens quite frequently and most of the time it's caused by mysterious bugs where Splunk will fail to invalidate static file cacheing when installed apps are upgraded.
Assuming that's the case here, the solution is as follows.
In your browser's location bar type in
http://YOUR_HOST:8000/_bump
(change the host and also change the port if your splunk server isn't running on port 8000.)
A page will load with a button that says "Bump version". Click that button.
The problem should go away.
UPDATE: IF IT DOES NOT GO AWAY.
Well... if it's not a cacheing problem, then the bottom line is that somehow there is an old version of Sideview Utils somewhere, hiding. To find out where it's hiding, go to this URL, obviously replacing localhost and 8000 with your host and port.
https://localhost:8000/en-US/modules#Splunk.Module.SideviewUtils
and scroll down a little to where it says in italics
Defined in $SPLUNK_HOME\etc\apps\sideview_utils\appserver\modules\SideviewUtils\SideviewUtils.js
Take careful note of what path it gives you. Once in a blue moon there will be like a "sideview_utils_old" app. And unfortunately if you have two apps on the filesystem that have custom UI modules by the same name, Splunk just picks one more or less at random. Needless to say, if there are Sideview Utils modules defined in any other app besides Sideview Utils, delete them.
This happens quite frequently and most of the time it's caused by mysterious bugs where Splunk will fail to invalidate static file cacheing when installed apps are upgraded.
Assuming that's the case here, the solution is as follows.
In your browser's location bar type in
http://YOUR_HOST:8000/_bump
(change the host and also change the port if your splunk server isn't running on port 8000.)
A page will load with a button that says "Bump version". Click that button.
The problem should go away.
UPDATE: IF IT DOES NOT GO AWAY.
Well... if it's not a cacheing problem, then the bottom line is that somehow there is an old version of Sideview Utils somewhere, hiding. To find out where it's hiding, go to this URL, obviously replacing localhost and 8000 with your host and port.
https://localhost:8000/en-US/modules#Splunk.Module.SideviewUtils
and scroll down a little to where it says in italics
Defined in $SPLUNK_HOME\etc\apps\sideview_utils\appserver\modules\SideviewUtils\SideviewUtils.js
Take careful note of what path it gives you. Once in a blue moon there will be like a "sideview_utils_old" app. And unfortunately if you have two apps on the filesystem that have custom UI modules by the same name, Splunk just picks one more or less at random. Needless to say, if there are Sideview Utils modules defined in any other app besides Sideview Utils, delete them.
I was thinking the right way then, was curious too, but who would think this could happen!
The system has two apps that both contain modules by the same name. Splunk is better in this situation than it once was, but it still essentially picks one at random.
Someone long ago had renamed sideview_utils 1.1.7 to "SideviewUtils.old", and then at some point later it was renamed to "displayapp" and then later sideview_utils 1.3.5 was installed. Splunk was loading modules from the older one.
Just curious: What was the root cause, in the end?
shoot me an email. Let's hop on gotomeeting and I bet we can figure it out in 5mins.
Yep, have tried bump'ing Splunk as well.
And just a beat a dead horse - you went to the bump URL and also clicked the "bump" button there, right? Sorry to make you answer again! If the answer is yes, then email me at nick [at] sideviewapps.com and lets jump on a webex. I'll be able to figure out quickly where the old code is hiding.
I just updated to Sideview Utils 3.1; the error in SoS still persists.
I have been going into the etc/apps/ folder and deleting the sideview app, issuing a "splunk restart" command, then installing the app via the web GUI and restarting from the web GUI.
Downright peculiar! OK it'll be something fun.
To double check, by "uninstalled" do you mean you deleted the app from the filesystem? And are you installing through the Splunk UI or by manually untarring and putting it into $SPLUNK_HOME/etc/apps? (Obviously either should work but the answers are interesting.)
eg: sometimes permission changes from weird edits or unsolved mysteries have caused a couple old files to linger across an app upgrade. And sometimes "disabling" an app is misinterpreted as removal.
Would you be willing to do a quick webex? It'll reach some answer pretty quickly.
I have tried the _bump URL without success.
I don't believe so, but in any case I have uninstalled side view utils & SOS, restarted Splunk, installed sideview utils, restarted Splunk, installed SOS, restarted splunk; problem persists.
Did you previously using sideview 1.1.7? IF yes, did you upgrade it from 1.1.7 -> 1.3.5? in that case delete the existing 1.3.5 version and install it once again then check your SOS app.