Splunk Enterprise Security
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Issues after upgrading Splunk Enterprise security to 5.3

ranjitbrhm1
Communicator
‎04-11-2019 12:26 AM

Good Day All,
I recently upgraded my ES running on a linux box to 5.3. The update went smooth but once the update got finished the investigation tab shows Unexpected token < in JSON at position 0
The incident review shows
External handler failed with code '1' and output: ". See splunkd.log for stderr output.
The content management site shows something about cannot access lookup table as i dont remember exactly what the error is.
The splunkd.log seems to be showing a lot of errors about python 2.4. The site being secure i cannot directly copy the logs out from the server. Has anyone ran into the above listed errors upgrading to splunk ES 5.3?
Thanks

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

ranjitbrhm1
Communicator
‎07-10-2019 05:11 PM

I am actually not sure what fixed my issue but it might be one of the below steps or both.
1. Once the upgrade is completed there are a couple of tasks that have to be done like deleting some files from the ES directory. It is documented in the splunk docs under upgrade of ES. Complete those steps.
2. Completely upgrade your splunk instance to the latest version. Once done, restart the whole instance and the errors will go away.
Thanks

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

ranjitbrhm1
Communicator
‎07-10-2019 05:11 PM

I am actually not sure what fixed my issue but it might be one of the below steps or both.
1. Once the upgrade is completed there are a couple of tasks that have to be done like deleting some files from the ES directory. It is documented in the splunk docs under upgrade of ES. Complete those steps.
2. Completely upgrade your splunk instance to the latest version. Once done, restart the whole instance and the errors will go away.
Thanks

0 Karma
Reply
Solved! Jump to solution

ssattler
Path Finder
‎07-10-2019 12:03 PM

same problem, I am going to open a support ticket to get it working.

0 Karma
Reply
Solved! Jump to solution

ssattler
Path Finder
‎08-01-2019 08:23 AM

you have to copy over a .py file that support gives you.

0 Karma
Reply
Solved! Jump to solution

smoir_splunk
Splunk Employee
Splunk Employee
‎04-11-2019 10:49 AM

Did you clear the web browser cache after the upgrade? Do you see any errors in splunkd.log? Did the upgrade complete and all supporting add-ons were successfully updated?

Please share the troubleshooting steps you took after identifying these errors 🙂

0 Karma
Reply
Solved! Jump to solution

ranjitbrhm1
Communicator
‎04-11-2019 11:20 AM

I didnt clear the browser cache actually. I tried moving the ES to disabled folders, reinstalled the splunk ES app and its the same error. Being a secure site i couldnt copy out the exact logs from the splunkd log. I remember the SA apps and the DA apps complaining about python repeating on the log file every time i try to access the tabs.

0 Karma
Reply
Get Updates on the Splunk Community!

Stay Connected: Your Guide to November Tech Talks, Office Hours, and Webinars!

&#x1f342; Fall into November with a fresh lineup of Community Office Hours, Tech Talks, and Webinars we’ve ...

Transform your security operations with Splunk Enterprise Security

Hi Splunk Community, Splunk Platform has set a great foundation for your security operations. With the ...

Splunk Admins and App Developers | Earn a $35 gift card!

Splunk, in collaboration with ESG (Enterprise Strategy Group) by TechTarget, is excited to announce a ...