All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Splunk-on-Splunk : should there be a pre-made dashboard?

borgy95
Path Finder
‎05-07-2015 01:55 AM

Hi,

I've just installed the splunk-on-splunk app on our splunk deployment... A pretty small deployment that's single tier, i was under the impression the app came with premade dashboards for checking the health of ones deployment? Is this true? becuae when i select the app i am greeted by a blank screen and an invitation to start creating panels. Which i'd gladly do but i have zero reference on what kind stuff i'm going to query. In this case can someone point me in the right direction for a reference on how to query the sos db.

thanks

Reply
1 Solution
Solved! Jump to solution
Solution

hexx
Splunk Employee
Splunk Employee
‎05-07-2015 03:55 AM

This is not normal. In all likelihood, there is an issue with the post-installation step that is supposed to put views back in place if the dependency on Sideview Utils is found to be fulfilled.

I would recommend to take the following steps:

  • Check that the latest version of S.o.S is installed
  • Check that the latest version of Sideview Utils is installed
  • Reload the S.o.S home view
  • If this doesn't solve the problem, go to $SPLUNK_HOME/etc/apps/sos/default/data/ui/views and manually rename every view file from *.bak to *.xml, then restart Splunk

View solution in original post

Reply
Solved! Jump to solution
Solution

hexx
Splunk Employee
Splunk Employee
‎05-07-2015 03:55 AM

This is not normal. In all likelihood, there is an issue with the post-installation step that is supposed to put views back in place if the dependency on Sideview Utils is found to be fulfilled.

I would recommend to take the following steps:

  • Check that the latest version of S.o.S is installed
  • Check that the latest version of Sideview Utils is installed
  • Reload the S.o.S home view
  • If this doesn't solve the problem, go to $SPLUNK_HOME/etc/apps/sos/default/data/ui/views and manually rename every view file from *.bak to *.xml, then restart Splunk
Reply
Solved! Jump to solution

borgy95
Path Finder
‎05-07-2015 07:06 AM

Hey thanks for this! It turned out the apps packages i had downloaded from the website were bogus..

It was your comment:

"If this doesn't solve the problem, go to $SPLUNK_HOME/etc/apps/sos/default/data/ui/views and manually rename every view file from *.bak to *.xml, then restart Splunk"

When i looked in the dir i saw 0 views! so figured something must have gone wonky in the dl/copying. anyway its looking much healthier now...

However when i go to enable the scripts, the following error is throwing itself up...

"Error occurred attempting to enable /opt/splunk/etc/apps/sos/bin/ps_sos.sh: In handler 'script': Could not find writer for: /nobody/sos/inputs/script://./bin/ps_sos.sh [1] [/opt/splunk/etc]."

I've check ownership and permissions on the scripts at the cli and alls good. any other ideas? I choose the lazy option this time and choose to install the app via the splunkweb interface where you can just upload the tarball... If it makes a difference.

Thanks!

0 Karma
Reply
Solved! Jump to solution

borgy95
Path Finder
‎05-07-2015 07:17 AM

It was permissions error... as i thought.. .i just had to change the perm of every file in the app.

0 Karma
Reply
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In the last month, the Splunk Threat Research Team (STRT) has had 2 releases of new security content via the ...

Announcing the 1st Round Champion’s Tribute Winners of the Great Resilience Quest

We are happy to announce the 20 lucky questers who are selected to be the first round of Champion's Tribute ...

We’ve Got Education Validation!

Are you feeling it? All the career-boosting benefits of up-skilling with Splunk? It’s not just a feeling, it's ...