I've upgraded Splunk from 6.1.7 to 6.3.1.
Splunk Help->About now says: "Splunk Version 4.0, Splunk Build 000, Current App Search & Reporting, App Version 6.3.1, Server Name N/A".
Why? Does this mean the upgrade didn't work?
Do I have to uninstall and reinstall?
splunk --version says:
"Splunk 6.3.1 (build f3e41e4b37b2)"
This box would probably once have had Splunk 5.0.4 on it, but I don't think it ever had anything earlier than that.
Our SHC is version 6.6.0, but we are seeing this 4.0 thing now. Once last week, so we did a rolling restart to resolve it. Today it is back.
We are in production, so there must be a better recourse than a fresh install.
It has happened again today and our SHC is version 6.6.2 now.
Has anyone found a cause and permanent solution to this issue?
A rolling restart will temporarily resolve the issue and we don't have the luxury to do a fresh install.
Something else that I checked this time was the debug info for each of the individual search heads: http://SearchHeadName/en-US/debug/echo?ping=ok
All but one of the search heads were showing UNKNOWN_VERSION listed in the "Server Info" at the bottom of the debug window.
I logged into each one individually as the admin account using their respective URLs (http://SearchHeadName/en-US/account/login?loginType=Splunk) and then reloaded the debug URL, and this time the correct version was displayed in the Server Info.
After I finished logging into each one, I logged back into the URL for the SHC and this time the correct version was shown.
If anyone else has any info on this then please share. Thanks!
This doesn't sound right at all. It should list the correct installed version and also show you a valid hostname following "Server Name". If you have the luxury, I would probably do a clean install from scratch.