Splunk Enterprise Security

Enterprise Security in Splunk 7.1

jowenssi
Path Finder

There appears to be issues with Splunk Enterprise on Splunk 7.1

Is there a reason that the Incident Review "Urgency" selection panel is not showing? [See Image Below]

I have tested this with clean installs of ES 4.7.4 and 5.0.

alt text

0 Karma
1 Solution

jowenssi
Path Finder

Splunk Enterprise Security 5.1 is compatible with Splunk 7.1.

Per the docs: Splunk Web for Splunk 7.1.0 and Splunk Enterprise Security 5.1.0 provides an updated look and feel. As a result, these two releases of the Splunk platform and Splunk Enterprise Security are only supported with each other.

http://docs.splunk.com/Documentation/ES/5.1.0/RN/Enhancements

View solution in original post

0 Karma

jowenssi
Path Finder

Splunk Enterprise Security 5.1 is compatible with Splunk 7.1.

Per the docs: Splunk Web for Splunk 7.1.0 and Splunk Enterprise Security 5.1.0 provides an updated look and feel. As a result, these two releases of the Splunk platform and Splunk Enterprise Security are only supported with each other.

http://docs.splunk.com/Documentation/ES/5.1.0/RN/Enhancements

0 Karma

jorgepinto1
Explorer

Wouldn't it be nice to put some sort of warning on the site or at the top of the release notes? Just wondering.

0 Karma

aagudelos
Engager

Do you have a possible date for this update?

smoir_splunk
Splunk Employee
Splunk Employee

Nope, as I stated in the comments to my answer, the next release will be compatible, but we can't publicly comment about timelines. You can trust that we know this is a pain point for customers to have a lag time like this, and are working to address that.

0 Karma

jamesbrock
Path Finder

Interesting.

Shouldn't a .1 release be compatible with or have an accompanied upgrade for a flagship modules like ES 5.0.0 released not long ago?

just a thought ...

0 Karma

delink
Communicator

Reading the release notes is an important part of any upgrade. 🙂

0 Karma

itradeclayton
Path Finder

imagine that!!! 🙂

0 Karma

smoir_splunk
Splunk Employee
Splunk Employee

There is no version of Splunk Enterprise Security that is compatible with Splunk Enterprise or Splunk Cloud 7.1 at this time.

gjanders
SplunkTrust
SplunkTrust

Please update your answer to advise 7.1 is released when you have time.
Blog post here and release notes here

tommoore
Path Finder

Is there an ETA on when it's going to be compatible? I'm in the same boat on my production instance.

0 Karma

itradeclayton
Path Finder

hopefully it doesn't take as long as it it did for the F5 add-on... 😕

0 Karma

jowenssi
Path Finder

Splunk ES 5.1 was released and supports Splunk 7.1

"Splunk Web enhancements and version compatibility Splunk Web for Splunk 7.1.0 and Splunk Enterprise Security 5.1.0 provides an updated look and feel. As a result, these two releases of the Splunk platform and Splunk Enterprise Security are only supported with each other." - http://docs.splunk.com/Documentation/ES/5.1.0/RN/Enhancements

itradeclayton
Path Finder

need an update for ES 4.x... it will be a while before we upgrade to ES 5.

0 Karma

smoir_splunk
Splunk Employee
Splunk Employee

4.7.6 was the last update to ES 4.x

0 Karma

jowenssi
Path Finder

From the information I've been able to gather, we're waiting for the next ES release to include the updated UI components necessary for compatibility with 7.1.

0 Karma

smoir_splunk
Splunk Employee
Splunk Employee

The next release will be compatible, but we can't publicly comment about timelines. You can trust that we know this is a pain point for customers to have a lag time like this, and are working to address that.

tommoore
Path Finder

Thank you smoir for responding. Everything seems somewhat ok except for the incident_review_page.xml .. Browser console shows "Uncaught TypeError: i._btnClass is not a constructor"

If only I knew javascript 🙂

0 Karma

smoir_splunk
Splunk Employee
Splunk Employee

There is almost certainly other stuff going on behind the scenes, but incident review is always the most obvious one that is affected 🙂

Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...