Solved: Invalid message type: 28 during Splunk ES 7.1 Upgr...

youngsuh · ‎05-03-2023

Getting this error via UI upgrade to Splunk 7.1: Invalid message type: 28

We're on version 9.0.4. Previous upgrade work without this error using the UI.

youngsuh · ‎05-03-2023

We deleted the /tmp to clear for the upgrade after failure. Did the CLI upgrade instead based on the documentation.

Upgrade Splunk Enterprise Security - Splunk Documentation

./splunk install app <path to app> -update 1 -auth <username>:<password>

Then we went the UI portion to finish the configuration. Watch the usual logs. Restarted the web UI.

View solution in original post

youngsuh · ‎05-03-2023

We deleted the /tmp to clear for the upgrade after failure. Did the CLI upgrade instead based on the documentation.

Upgrade Splunk Enterprise Security - Splunk Documentation

./splunk install app <path to app> -update 1 -auth <username>:<password>

Then we went the UI portion to finish the configuration. Watch the usual logs. Restarted the web UI.

computermathguy · ‎08-25-2023

I just noticed the same type-28 error. Before this occurred, were getting a "500 Internal Server" error. We are on Splunk 9.0.5

Waiting to hear back from Splunk support if they can resolve the UI install issue with ES 7.1.1

youngsuh

It appears the problem still around. I am upgrading to 7.3.1 and still getting the error. I had to use the CLI option to upgrade.

Invalid message type: 28 during Splunk ES 7.1 Upgrade

installation

troubleshooting

upgrade

Index This | I’m short for "configuration file.” What am I?

New Articles from Academic Learning Partners, Help Expand Lantern’s Use Case Library, ...

Your Guide to SPL2 at .conf24!