Splunk Enterprise Security

Invalid message type: 28 during Splunk ES 7.1 Upgrade

youngsuh
Contributor

Getting this error via UI upgrade to Splunk 7.1:  Invalid message type: 28

We're on version 9.0.4.  Previous upgrade work without this error using the UI.

Labels (3)
0 Karma
1 Solution

youngsuh
Contributor

We deleted the /tmp to clear for the upgrade after failure.  Did the CLI upgrade instead based on the documentation.

Upgrade Splunk Enterprise Security - Splunk Documentation

./splunk install app <path to app> -update 1 -auth <username>:<password>

Then we went the UI portion to finish the configuration.  Watch the usual logs. Restarted the web UI.

View solution in original post

youngsuh
Contributor

We deleted the /tmp to clear for the upgrade after failure.  Did the CLI upgrade instead based on the documentation.

Upgrade Splunk Enterprise Security - Splunk Documentation

./splunk install app <path to app> -update 1 -auth <username>:<password>

Then we went the UI portion to finish the configuration.  Watch the usual logs. Restarted the web UI.

computermathguy
Explorer

I just noticed the same type-28 error.  Before this occurred, were getting a "500 Internal Server" error. We are on Splunk 9.0.5

Waiting to hear back from Splunk support if they can resolve the UI install issue with ES 7.1.1

0 Karma
Get Updates on the Splunk Community!

Splunk Observability Cloud | Unified Identity - Now Available for Existing Splunk ...

Raise your hand if you’ve already forgotten your username or password when logging into an account. (We can’t ...

Index This | How many sides does a circle have?

February 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

Registration for Splunk University is Now Open!

Are you ready for an adventure in learning?   Brace yourselves because Splunk University is back, and it's ...