All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Splunk-on-Splunk : should there be a pre-made dashboard?

borgy95
Path Finder
‎05-07-2015 01:55 AM

Hi,

I've just installed the splunk-on-splunk app on our splunk deployment... A pretty small deployment that's single tier, i was under the impression the app came with premade dashboards for checking the health of ones deployment? Is this true? becuae when i select the app i am greeted by a blank screen and an invitation to start creating panels. Which i'd gladly do but i have zero reference on what kind stuff i'm going to query. In this case can someone point me in the right direction for a reference on how to query the sos db.

thanks

Reply
1 Solution
Solved! Jump to solution
Solution

hexx
Splunk Employee
Splunk Employee
‎05-07-2015 03:55 AM

This is not normal. In all likelihood, there is an issue with the post-installation step that is supposed to put views back in place if the dependency on Sideview Utils is found to be fulfilled.

I would recommend to take the following steps:

  • Check that the latest version of S.o.S is installed
  • Check that the latest version of Sideview Utils is installed
  • Reload the S.o.S home view
  • If this doesn't solve the problem, go to $SPLUNK_HOME/etc/apps/sos/default/data/ui/views and manually rename every view file from *.bak to *.xml, then restart Splunk

View solution in original post

Reply
Solved! Jump to solution
Solution

hexx
Splunk Employee
Splunk Employee
‎05-07-2015 03:55 AM

This is not normal. In all likelihood, there is an issue with the post-installation step that is supposed to put views back in place if the dependency on Sideview Utils is found to be fulfilled.

I would recommend to take the following steps:

  • Check that the latest version of S.o.S is installed
  • Check that the latest version of Sideview Utils is installed
  • Reload the S.o.S home view
  • If this doesn't solve the problem, go to $SPLUNK_HOME/etc/apps/sos/default/data/ui/views and manually rename every view file from *.bak to *.xml, then restart Splunk
Reply
Solved! Jump to solution

borgy95
Path Finder
‎05-07-2015 07:06 AM

Hey thanks for this! It turned out the apps packages i had downloaded from the website were bogus..

It was your comment:

"If this doesn't solve the problem, go to $SPLUNK_HOME/etc/apps/sos/default/data/ui/views and manually rename every view file from *.bak to *.xml, then restart Splunk"

When i looked in the dir i saw 0 views! so figured something must have gone wonky in the dl/copying. anyway its looking much healthier now...

However when i go to enable the scripts, the following error is throwing itself up...

"Error occurred attempting to enable /opt/splunk/etc/apps/sos/bin/ps_sos.sh: In handler 'script': Could not find writer for: /nobody/sos/inputs/script://./bin/ps_sos.sh [1] [/opt/splunk/etc]."

I've check ownership and permissions on the scripts at the cli and alls good. any other ideas? I choose the lazy option this time and choose to install the app via the splunkweb interface where you can just upload the tarball... If it makes a difference.

Thanks!

0 Karma
Reply
Solved! Jump to solution

borgy95
Path Finder
‎05-07-2015 07:17 AM

It was permissions error... as i thought.. .i just had to change the perm of every file in the app.

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Observability Cloud | Customer Survey!

If you use Splunk Observability Cloud, we invite you to share your valuable insights with us through a brief ...

Happy CX Day, Splunk Community!

Happy CX Day, Splunk Community! CX stands for Customer Experience, and today, October 3rd, is CX Day — a ...

.conf23 | Get Your Cybersecurity Defense Analyst Certification in Vegas

We’re excited to announce a new Splunk certification exam being released at .conf23! If you’re going to Las ...