In the documentation it states that ES is not compatible with Sideview Utils versions 2.x.

What specifically are the problems? I've got ES 2.4 installed, and accidentally installed the 2.6.3 version of Sideview Utils (looking for the functionality, and didn't see the footnote in the documentation for ES before installing). I've since looked through the ES dashboards and views and am not seeing any issues... initially.

My question is: what exactly are the issues with ES and Sideview Utils 2.x? My take on it (we don't yet have ES tuned, as we're still in the first two weeks) is that the time savings with the latest version almost outweighs the benefit of ES. I would like to resolve any issues and/or get an understanding of when the issues will be resolved.


Check the Security Posture dashboard. Some versions of SVU 2.X broke that page (might be fixed now though).

Also, check the multi-select dropdowns; I want to say that those had broken but I'm not sure.

For what it's worth there are no compatibility issues that I know of. Sideview Utils 2.X is backwards compatible with all the features and params of 1.3.X, so 2.6.2 should work fine with Enterprise Security.

All Splunk apps have that same disclaimer but I know that a lot of SoS users and users of other Splunk-owned apps have upgraded to Sideview Utils 2.X without issue. Specific to ES, I remember 6 months ago or more, there was one ES user who had upgraded to Sideview Utils 2.X and he did find and report an incompatibility but it was just a bug and it was fixed in a maintenance release days later. If you see anything that seems off feel free to contact me.

Indeed, the improvements from Sideview Utils 1.3 to 2.6.2 are huge: hundreds of bug fixes, new features, new modules, and performance improvements, not to mention improved docs and examples.

I think the reason Splunk states that the app is not compatible with Sideview Utils 2.X is because they do not test it with 2.X. The licensing for Sideview Utils changed in 2.X, switching from LGPL to the Sideview Free Internal Use License. The new licensing still allows end-users like yourself to use Sideview Utils here, but if Splunk were to use features and improvements from 2.X in their apps they would have to buy a different license from Sideview. I think Splunk decided not to pursue this licensing for any of their apps, which leaves them only able to develop their apps against the old 1.3.X LGPL versions.

