Why is there Splunk Cloud Monitoring Console Inacc...

jamie1 · ‎07-31-2023

Hi There,

I have just checked the Cloud Monitoring Console after receiving an email that noted some apps were ready to be upgraded to Python 3. I am using Splunk Cloud and saw the following information about my universal forwarders.

I have attached a screenshot, but the date doesn't appear to make sense and the newer version is showing as being outdated.

Any help would be appreciated,

Jamie

livehybrid · ‎08-04-2023

This is because the Cloud Monitoring Console version on your cloud stack does not currently have the support end-dates configured for 9.1.x, the following eval is used to determine the support expiration:

| eval fwd_7_3_eos=relative_time(strptime("22-Oct-2021", "%d-%b-%Y"), "+1d@d"), fwd_8_0_eos=relative_time(strptime("22-Oct-2021", "%d-%b-%Y"), "+1d@d"), fwd_8_1_eos=relative_time(strptime("19-Apr-2023", "%d-%b-%Y"), "+1d@d"), fwd_8_2_eos=relative_time(strptime("12-May-2023", "%d-%b-%Y"), "+1d@d"), fwd_9_0_eos=relative_time(strptime("14-Jun-2024", "%d-%b-%Y"), "+1d@d"), fwd_default_eos=relative_time(strptime("01-Jan-1971", "%d-%b-%Y"), "+1d@d") 
| eval expTimestamp = case( match(version, "^7\.3"), fwd_7_3_eos, match(version, "^8\.0"), fwd_8_0_eos, match(version, "^8\.1"), fwd_8_1_eos, match(version, "^8\.2"), fwd_8_2_eos, match(version, "^9\.0"), fwd_9_0_eos, 1==1, fwd_default_eos)

As you may be able to see, this only currently goes up to 9.0, else it falls back onto "fwd_default_eos" which is the date you're seeing (2nd Jan 1971)

Why is there Splunk Cloud Monitoring Console Inaccuracy?

forwarder

forwarder management

monitoring console

Enterprise Security Content Update (ESCU) | New Releases

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

Index This | What are the 12 Days of Splunk-mas?