Splunk Enterprise Security

Errors after upgrading to Splunk ES 6.0

hettervi
Builder

Hi,

I've just upgraded to Splunk 6.0, but I have encountered some problems. Some of the dashbaords won't load anymore, namely the "Incident Review" and "Investigations" dashboards. When I try to open the "Incident Review" dashboard I get an error No module named http.client, and also I have an error that says Unable to initialize modular input "whois" defined inside the app "SA-NetworkProtection". We tested this extact same upgrade in a test environment first, and it worked fine (kind of), but when we do the same install in production we get these errors. Any ideas on what might be the problem?

0 Karma
1 Solution

hettervi
Builder

The problems we had with Splunk ES version 6.0 disappeared when we upgraded Splunk from 7.2.6 to 7.3.3. It seems that there was some compability issues with Splunk 7.2.6 and Splunk ES 6.0, which is strange because the page for Splunk ES 6.0 on splunkbase.com says it is compatible with Splunk 7.2.

View solution in original post

0 Karma

hettervi
Builder

The problems we had with Splunk ES version 6.0 disappeared when we upgraded Splunk from 7.2.6 to 7.3.3. It seems that there was some compability issues with Splunk 7.2.6 and Splunk ES 6.0, which is strange because the page for Splunk ES 6.0 on splunkbase.com says it is compatible with Splunk 7.2.

View solution in original post

0 Karma
.conf21 Now Fully Virtual!
Register for FREE Today!

We've made .conf21 totally virtual and totally FREE! Our completely online experience will run from 10/19 through 10/20 with some additional events, too!