Splunk Enterprise Security

Errors after upgrading to Splunk ES 6.0

hettervik
Builder

Hi,

I've just upgraded to Splunk 6.0, but I have encountered some problems. Some of the dashbaords won't load anymore, namely the "Incident Review" and "Investigations" dashboards. When I try to open the "Incident Review" dashboard I get an error No module named http.client, and also I have an error that says Unable to initialize modular input "whois" defined inside the app "SA-NetworkProtection". We tested this extact same upgrade in a test environment first, and it worked fine (kind of), but when we do the same install in production we get these errors. Any ideas on what might be the problem?

0 Karma
1 Solution

hettervik
Builder

The problems we had with Splunk ES version 6.0 disappeared when we upgraded Splunk from 7.2.6 to 7.3.3. It seems that there was some compability issues with Splunk 7.2.6 and Splunk ES 6.0, which is strange because the page for Splunk ES 6.0 on splunkbase.com says it is compatible with Splunk 7.2.

View solution in original post

0 Karma

hettervik
Builder

The problems we had with Splunk ES version 6.0 disappeared when we upgraded Splunk from 7.2.6 to 7.3.3. It seems that there was some compability issues with Splunk 7.2.6 and Splunk ES 6.0, which is strange because the page for Splunk ES 6.0 on splunkbase.com says it is compatible with Splunk 7.2.

0 Karma
Get Updates on the Splunk Community!

Understanding Generative AI Techniques and Their Application in Cybersecurity

Watch On-Demand Artificial intelligence is the talk of the town nowadays, with industries of all kinds ...

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

Using the Splunk Threat Research Team’s Latest Security Content

REGISTER HERE Tech Talk | Security Edition Did you know the Splunk Threat Research Team regularly releases ...