Splunk Enterprise Security

Issues after upgrading Splunk Enterprise security to 5.3

ranjitbrhm1
Communicator

Good Day All,
I recently upgraded my ES running on a Linux box to 5.3. The update went smoothly, but once the update got finished the investigation tab shows: Unexpected token < in JSON at position 0
The incident review shows
External handler failed with code '1' and output: ". See splunkd.log for stderr output.
The content management site shows something about cannot access lookup table, as I don't remember exactly what the error is.
The splunkd.log seems to be showing a lot of errors about python 2.4. The site being secure, I cannot directly copy the logs out from the server. Has anyone run into the above listed errors upgrading to Splunk ES 5.3?
Thanks

0 Karma
1 Solution

ranjitbrhm1
Communicator

I am actually not sure what fixed my issue but it might be one of the below steps or both.
1. Once the upgrade is completed there are a couple of tasks that have to be done, like deleting some files from the ES directory. It is documented in the Splunk docs under upgrade of ES. Complete those steps.
2. Completely upgrade your Splunk instance to the latest version. Once done, restart the whole instance and the errors will go away.
Thanks

0 Karma

ssattler
Path Finder

Same problem, I am going to open a support ticket to get it working.

0 Karma

ssattler
Path Finder

You have to copy over a .py file that support gives you.

0 Karma

smoir_splunk
Splunk Employee

Did you clear the web browser cache after the upgrade? Do you see any errors in splunkd.log? Did the upgrade complete and all supporting add-ons were successfully updated?

Please share the troubleshooting steps you took after identifying these errors 🙂

0 Karma

ranjitbrhm1
Communicator

I didn't clear the browser cache actually. I tried moving the ES to disabled folders, reinstalled the Splunk ES app and it's the same error. Being a secure site I couldn't copy out the exact logs from the splunkd log. I remember the SA apps and the DA apps complaining about python repeating on the log file every time I try to access the tabs.

0 Karma