All Apps and Add-ons

Error states I have Sideview Utils 1.1.5 yet I have version 1.3.5 installed

rtadams89
Contributor

After installing the S.O.S app, I receive an error that states "ERROR: This app requires at least version 1.1.7 of the Sideview Utils app to be installed on the system. You currently have this app installed but your version is 1.1.5. Please download a newer version from Splunkbase. If you are running Splunk 4.2 and above, you can update the app directly from the app management page."

I have confirmed Sideview Utils 1.3.5 is installed and works as expected. I have restarted splunkd and splunkweb several times. Reading posts at answers.splunk.com, this issue seems to happen if the Sideview Utils app.conf file has been updated to hide the app (isVisable = 0), but the app is unchanged and visible in my environment.

1 Solution

sideview
SplunkTrust
SplunkTrust

This happens quite frequently and most of the time it's caused by mysterious bugs where Splunk will fail to invalidate static file cacheing when installed apps are upgraded.

Assuming that's the case here, the solution is as follows.

In your browser's location bar type in

http://YOUR_HOST:8000/_bump

(change the host and also change the port if your splunk server isn't running on port 8000.)

A page will load with a button that says "Bump version". Click that button.

The problem should go away.

UPDATE: IF IT DOES NOT GO AWAY.

Well... if it's not a cacheing problem, then the bottom line is that somehow there is an old version of Sideview Utils somewhere, hiding. To find out where it's hiding, go to this URL, obviously replacing localhost and 8000 with your host and port.

https://localhost:8000/en-US/modules#Splunk.Module.SideviewUtils

and scroll down a little to where it says in italics
Defined in $SPLUNK_HOME\etc\apps\sideview_utils\appserver\modules\SideviewUtils\SideviewUtils.js

Take careful note of what path it gives you. Once in a blue moon there will be like a "sideview_utils_old" app. And unfortunately if you have two apps on the filesystem that have custom UI modules by the same name, Splunk just picks one more or less at random. Needless to say, if there are Sideview Utils modules defined in any other app besides Sideview Utils, delete them.

View solution in original post

sideview
SplunkTrust
SplunkTrust

This happens quite frequently and most of the time it's caused by mysterious bugs where Splunk will fail to invalidate static file cacheing when installed apps are upgraded.

Assuming that's the case here, the solution is as follows.

In your browser's location bar type in

http://YOUR_HOST:8000/_bump

(change the host and also change the port if your splunk server isn't running on port 8000.)

A page will load with a button that says "Bump version". Click that button.

The problem should go away.

UPDATE: IF IT DOES NOT GO AWAY.

Well... if it's not a cacheing problem, then the bottom line is that somehow there is an old version of Sideview Utils somewhere, hiding. To find out where it's hiding, go to this URL, obviously replacing localhost and 8000 with your host and port.

https://localhost:8000/en-US/modules#Splunk.Module.SideviewUtils

and scroll down a little to where it says in italics
Defined in $SPLUNK_HOME\etc\apps\sideview_utils\appserver\modules\SideviewUtils\SideviewUtils.js

Take careful note of what path it gives you. Once in a blue moon there will be like a "sideview_utils_old" app. And unfortunately if you have two apps on the filesystem that have custom UI modules by the same name, Splunk just picks one more or less at random. Needless to say, if there are Sideview Utils modules defined in any other app besides Sideview Utils, delete them.

linu1988
Champion

I was thinking the right way then, was curious too, but who would think this could happen!

0 Karma

sideview
SplunkTrust
SplunkTrust

The system has two apps that both contain modules by the same name. Splunk is better in this situation than it once was, but it still essentially picks one at random.

Someone long ago had renamed sideview_utils 1.1.7 to "SideviewUtils.old", and then at some point later it was renamed to "displayapp" and then later sideview_utils 1.3.5 was installed. Splunk was loading modules from the older one.

hexx
Splunk Employee
Splunk Employee

Just curious: What was the root cause, in the end?

0 Karma

sideview
SplunkTrust
SplunkTrust

shoot me an email. Let's hop on gotomeeting and I bet we can figure it out in 5mins.

0 Karma

rtadams89
Contributor

Yep, have tried bump'ing Splunk as well.

0 Karma

sideview
SplunkTrust
SplunkTrust

And just a beat a dead horse - you went to the bump URL and also clicked the "bump" button there, right? Sorry to make you answer again! If the answer is yes, then email me at nick [at] sideviewapps.com and lets jump on a webex. I'll be able to figure out quickly where the old code is hiding.

0 Karma

rtadams89
Contributor

I just updated to Sideview Utils 3.1; the error in SoS still persists.

0 Karma

rtadams89
Contributor

I have been going into the etc/apps/ folder and deleting the sideview app, issuing a "splunk restart" command, then installing the app via the web GUI and restarting from the web GUI.

0 Karma

sideview
SplunkTrust
SplunkTrust

Downright peculiar! OK it'll be something fun.

To double check, by "uninstalled" do you mean you deleted the app from the filesystem? And are you installing through the Splunk UI or by manually untarring and putting it into $SPLUNK_HOME/etc/apps? (Obviously either should work but the answers are interesting.)
eg: sometimes permission changes from weird edits or unsolved mysteries have caused a couple old files to linger across an app upgrade. And sometimes "disabling" an app is misinterpreted as removal.
Would you be willing to do a quick webex? It'll reach some answer pretty quickly.

0 Karma

rtadams89
Contributor

I have tried the _bump URL without success.

0 Karma

rtadams89
Contributor

I don't believe so, but in any case I have uninstalled side view utils & SOS, restarted Splunk, installed sideview utils, restarted Splunk, installed SOS, restarted splunk; problem persists.

0 Karma

linu1988
Champion

Did you previously using sideview 1.1.7? IF yes, did you upgrade it from 1.1.7 -> 1.3.5? in that case delete the existing 1.3.5 version and install it once again then check your SOS app.

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...