Splunk Enterprise Security

Errors after upgrading to Splunk ES 6.0

hettervi
Builder

Hi,

I've just upgraded to Splunk 6.0, but I have encountered some problems. Some of the dashbaords won't load anymore, namely the "Incident Review" and "Investigations" dashboards. When I try to open the "Incident Review" dashboard I get an error No module named http.client, and also I have an error that says Unable to initialize modular input "whois" defined inside the app "SA-NetworkProtection". We tested this extact same upgrade in a test environment first, and it worked fine (kind of), but when we do the same install in production we get these errors. Any ideas on what might be the problem?

0 Karma
1 Solution

hettervi
Builder

The problems we had with Splunk ES version 6.0 disappeared when we upgraded Splunk from 7.2.6 to 7.3.3. It seems that there was some compability issues with Splunk 7.2.6 and Splunk ES 6.0, which is strange because the page for Splunk ES 6.0 on splunkbase.com says it is compatible with Splunk 7.2.

View solution in original post

0 Karma

hettervi
Builder

The problems we had with Splunk ES version 6.0 disappeared when we upgraded Splunk from 7.2.6 to 7.3.3. It seems that there was some compability issues with Splunk 7.2.6 and Splunk ES 6.0, which is strange because the page for Splunk ES 6.0 on splunkbase.com says it is compatible with Splunk 7.2.

0 Karma
Get Updates on the Splunk Community!

Using Machine Learning for Hunting Security Threats

WATCH NOW Seeing the exponential hike in global cyber threat spectrum, organizations are now striving more for ...

Observability Newsletter Highlights | March 2023

 March 2023 | Check out the latest and greatestSplunk APM's New Tag Filter ExperienceSplunk APM has updated ...

Security Newsletter Updates | March 2023

 March 2023 | Check out the latest and greatestUnify Your Security Operations with Splunk Mission Control The ...