Hi,
I am building a lab environment, loaded with the boss of the soc pre-indexed data. I installed all the apps, and everything was working. I needed to restore my VM from a previous snapshot, though, and my Splunk Security Essentials stopped loading. I found community recommendations to _bump recommendation in the splunk community article "why-does-the-splunk-security-essentials-app-has-mi" (not enough karma to post the link) Number One: Most Likely
The most common culprit for this is a core bug with refreshing static assets. To get around this, run a _bump by browsing to http://yoursplunk:8000/en-US/_bump and click the button.
I also tried removing the app from /opt/splunk/etc/apps/ and reinstalled it. "
Is there something else I can try to restore SES?
Try this fix:
| inputlookup SSE-default-data-inventory-products.csv
| outputlookup data_inventory_products_lookup
it wipes any manual stuff you have already done, but the next time you try it actually works. Its worth a try.
whhich version of sse is it ?3.0.6 ?
me too; v.3.1.0