Solved: Errors after upgrading to Splunk ES 6.0

hettervik · ‎12-05-2019

Hi,

I've just upgraded to Splunk 6.0, but I have encountered some problems. Some of the dashbaords won't load anymore, namely the "Incident Review" and "Investigations" dashboards. When I try to open the "Incident Review" dashboard I get an error No module named http.client, and also I have an error that says Unable to initialize modular input "whois" defined inside the app "SA-NetworkProtection". We tested this extact same upgrade in a test environment first, and it worked fine (kind of), but when we do the same install in production we get these errors. Any ideas on what might be the problem?

hettervik · ‎12-11-2019

The problems we had with Splunk ES version 6.0 disappeared when we upgraded Splunk from 7.2.6 to 7.3.3. It seems that there was some compability issues with Splunk 7.2.6 and Splunk ES 6.0, which is strange because the page for Splunk ES 6.0 on splunkbase.com says it is compatible with Splunk 7.2.

View solution in original post

hettervik · ‎12-11-2019

The problems we had with Splunk ES version 6.0 disappeared when we upgraded Splunk from 7.2.6 to 7.3.3. It seems that there was some compability issues with Splunk 7.2.6 and Splunk ES 6.0, which is strange because the page for Splunk ES 6.0 on splunkbase.com says it is compatible with Splunk 7.2.

Errors after upgrading to Splunk ES 6.0

Fueling your curiosity with new Splunk ILT and eLearning courses

Splunk AI Assistant for SPL 1.1.0 | Now Personalized to Your Environment for Greater ...

Unleash Unified Security and Observability with Splunk Cloud Platform