There appears to be issues with Splunk Enterprise on Splunk 7.1
Is there a reason that the Incident Review "Urgency" selection panel is not showing? [See Image Below]
I have tested this with clean installs of ES 4.7.4 and 5.0.
Splunk Enterprise Security 5.1 is compatible with Splunk 7.1.
Per the docs: Splunk Web for Splunk 7.1.0 and Splunk Enterprise Security 5.1.0 provides an updated look and feel. As a result, these two releases of the Splunk platform and Splunk Enterprise Security are only supported with each other.
http://docs.splunk.com/Documentation/ES/5.1.0/RN/Enhancements
Splunk Enterprise Security 5.1 is compatible with Splunk 7.1.
Per the docs: Splunk Web for Splunk 7.1.0 and Splunk Enterprise Security 5.1.0 provides an updated look and feel. As a result, these two releases of the Splunk platform and Splunk Enterprise Security are only supported with each other.
http://docs.splunk.com/Documentation/ES/5.1.0/RN/Enhancements
Wouldn't it be nice to put some sort of warning on the site or at the top of the release notes? Just wondering.
Do you have a possible date for this update?
Nope, as I stated in the comments to my answer, the next release will be compatible, but we can't publicly comment about timelines. You can trust that we know this is a pain point for customers to have a lag time like this, and are working to address that.
Interesting.
Shouldn't a .1 release be compatible with or have an accompanied upgrade for a flagship modules like ES 5.0.0 released not long ago?
just a thought ...
Reading the release notes is an important part of any upgrade. 🙂
imagine that!!! 🙂
There is no version of Splunk Enterprise Security that is compatible with Splunk Enterprise or Splunk Cloud 7.1 at this time.
Please update your answer to advise 7.1 is released when you have time.
Blog post here and release notes here
Is there an ETA on when it's going to be compatible? I'm in the same boat on my production instance.
hopefully it doesn't take as long as it it did for the F5 add-on... 😕
Splunk ES 5.1 was released and supports Splunk 7.1
"Splunk Web enhancements and version compatibility Splunk Web for Splunk 7.1.0 and Splunk Enterprise Security 5.1.0 provides an updated look and feel. As a result, these two releases of the Splunk platform and Splunk Enterprise Security are only supported with each other." - http://docs.splunk.com/Documentation/ES/5.1.0/RN/Enhancements
need an update for ES 4.x... it will be a while before we upgrade to ES 5.
4.7.6 was the last update to ES 4.x
From the information I've been able to gather, we're waiting for the next ES release to include the updated UI components necessary for compatibility with 7.1.
The next release will be compatible, but we can't publicly comment about timelines. You can trust that we know this is a pain point for customers to have a lag time like this, and are working to address that.
Thank you smoir for responding. Everything seems somewhat ok except for the incident_review_page.xml .. Browser console shows "Uncaught TypeError: i._btnClass is not a constructor"
If only I knew javascript 🙂
There is almost certainly other stuff going on behind the scenes, but incident review is always the most obvious one that is affected 🙂