Monitoring Splunk

No data found in Monitoring console of my standalone splunk enterprise after upgrading from 6.4.1 to 7.0.0

rgadepal
New Member

Hi Team,

I have upgraded my splunk standalone enterprise (indexer) from 6.4.1 to 7.0.0. i am not able to see data in my MC. Also in resource usage tab under Machine information the instance i see is not same as i have in my general setup. Also the instance under machine information is not reachable and uri is blank. Could someone help me with thsi.

Thanks.

Labels (1)
0 Karma

codebuilder
SplunkTrust
SplunkTrust

The pass4SymmKey hashing algorithm changed between those two versions.
Try re-entering the pass4SymmKey in plain text on each node in server.conf, then cycle Splunk and try again.
That should resolve it for you.

----
An upvote would be appreciated and Accept Solution if it helps!
0 Karma

rgadepal
New Member

I tried the same but had no luck with it. Is there any other things i need to do/verify?

Thanks in advance!

0 Karma

codebuilder
SplunkTrust
SplunkTrust

Ensure that the log file directory and/or parent directory is still owned by your Splunk user.
This can change during an upgrade, depending on which user you used to install.

For Linux (I'm not a Windows guy) use the following:
chown -RP splunk:splunk /opt/splunk

That command assumes you're running Splunk as "splunk" and installed at /opt/splunk (obviously).

----
An upvote would be appreciated and Accept Solution if it helps!
0 Karma

rgadepal
New Member

i did upgrade with splunk user only. The point to be noticed here is when i search for index=_introspection i can see that logs are getting indexed but no data shows in my splunk MC. As stated earlier my instance name under Machine info is different from the instance name in general settings.

Also, the instance under machine info is unreachable. So i changed my server Name and host in both server.conf and inputs.conf respectively to see if the instance under machine instance is being fetched from these logs. But it did not worked.

Thanks!

0 Karma
Get Updates on the Splunk Community!

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...