Solved: Errors after upgrading to Splunk ES 6.0

hettervi · ‎12-05-2019

Hi,

I've just upgraded to Splunk 6.0, but I have encountered some problems. Some of the dashbaords won't load anymore, namely the "Incident Review" and "Investigations" dashboards. When I try to open the "Incident Review" dashboard I get an error No module named http.client, and also I have an error that says Unable to initialize modular input "whois" defined inside the app "SA-NetworkProtection". We tested this extact same upgrade in a test environment first, and it worked fine (kind of), but when we do the same install in production we get these errors. Any ideas on what might be the problem?

hettervi · ‎12-11-2019

The problems we had with Splunk ES version 6.0 disappeared when we upgraded Splunk from 7.2.6 to 7.3.3. It seems that there was some compability issues with Splunk 7.2.6 and Splunk ES 6.0, which is strange because the page for Splunk ES 6.0 on splunkbase.com says it is compatible with Splunk 7.2.

View solution in original post

hettervi · ‎12-11-2019

The problems we had with Splunk ES version 6.0 disappeared when we upgraded Splunk from 7.2.6 to 7.3.3. It seems that there was some compability issues with Splunk 7.2.6 and Splunk ES 6.0, which is strange because the page for Splunk ES 6.0 on splunkbase.com says it is compatible with Splunk 7.2.

Errors after upgrading to Splunk ES 6.0

Using Machine Learning for Hunting Security Threats

Observability Newsletter Highlights | March 2023

Security Newsletter Updates | March 2023