All Apps and Add-ons

Splunk Security Essential not loading correctly

promisingbank
Engager

Hi,

I am building a lab environment, loaded with the boss of the soc pre-indexed data. I installed all the apps, and everything was working. I needed to restore my VM from a previous snapshot, though, and my Splunk Security Essentials stopped loading. I found community recommendations to _bump recommendation in the splunk community article "why-does-the-splunk-security-essentials-app-has-mi" (not enough karma to post the link) Number One: Most Likely
The most common culprit for this is a core bug with refreshing static assets. To get around this, run a _bump by browsing to http://yoursplunk:8000/en-US/_bump and click the button.

I also tried removing the app from /opt/splunk/etc/apps/ and reinstalled it. "

Is there something else I can try to restore SES?
alt text

jamesjarrett
Path Finder

Try this fix:
| inputlookup SSE-default-data-inventory-products.csv
| outputlookup data_inventory_products_lookup

it wipes any manual stuff you have already done, but the next time you try it actually works. Its worth a try.

0 Karma

ssadanala1
Contributor

whhich version of sse is it ?3.0.6 ?

0 Karma

GDustin
Path Finder

me too; v.3.1.0

0 Karma
Get Updates on the Splunk Community!

Detecting Remote Code Executions With the Splunk Threat Research Team

WATCH NOWRemote code execution (RCE) vulnerabilities pose a significant risk to organizations. If exploited, ...

Enter the Splunk Community Dashboard Challenge for Your Chance to Win!

The Splunk Community Dashboard Challenge is underway! This is your chance to showcase your skills in creating ...

.conf24 | Session Scheduler is Live!!

.conf24 is happening June 11 - 14 in Las Vegas, and we are thrilled to announce that the conference catalog ...