Monitoring Splunk

No data found in Monitoring console of my standalone splunk enterprise after upgrading from 6.4.1 to 7.0.0

rgadepal
New Member

Hi Team,

I have upgraded my splunk standalone enterprise (indexer) from 6.4.1 to 7.0.0. i am not able to see data in my MC. Also in resource usage tab under Machine information the instance i see is not same as i have in my general setup. Also the instance under machine information is not reachable and uri is blank. Could someone help me with thsi.

Thanks.

Labels (1)
0 Karma

codebuilder
SplunkTrust
SplunkTrust

The pass4SymmKey hashing algorithm changed between those two versions.
Try re-entering the pass4SymmKey in plain text on each node in server.conf, then cycle Splunk and try again.
That should resolve it for you.

----
An upvote would be appreciated and Accept Solution if it helps!
0 Karma

rgadepal
New Member

I tried the same but had no luck with it. Is there any other things i need to do/verify?

Thanks in advance!

0 Karma

codebuilder
SplunkTrust
SplunkTrust

Ensure that the log file directory and/or parent directory is still owned by your Splunk user.
This can change during an upgrade, depending on which user you used to install.

For Linux (I'm not a Windows guy) use the following:
chown -RP splunk:splunk /opt/splunk

That command assumes you're running Splunk as "splunk" and installed at /opt/splunk (obviously).

----
An upvote would be appreciated and Accept Solution if it helps!
0 Karma

rgadepal
New Member

i did upgrade with splunk user only. The point to be noticed here is when i search for index=_introspection i can see that logs are getting indexed but no data shows in my splunk MC. As stated earlier my instance name under Machine info is different from the instance name in general settings.

Also, the instance under machine info is unreachable. So i changed my server Name and host in both server.conf and inputs.conf respectively to see if the instance under machine instance is being fetched from these logs. But it did not worked.

Thanks!

0 Karma
Get Updates on the Splunk Community!

NEW! Log Views in Splunk Observability Dashboards Gives Context From a Single Page

Today, Splunk Observability releases log views, a new feature for users to add their logs data from Splunk Log ...

Last Chance to Submit Your Paper For BSides Splunk - Deadline is August 12th!

Hello everyone! Don't wait to submit - The deadline is August 12th! We have truly missed the community so ...

Ready, Set, SOAR: How Utility Apps Can Up Level Your Playbooks!

 WATCH NOW Powering your capabilities has never been so easy with ready-made Splunk® SOAR Utility Apps. Parse ...