Splunk Enterprise Security

Need assistance with ES error after upgrade from 5.2.2 to 5.3

satyaallaparthi
Communicator

I did upgraded my SPLUNK ES v5.2.2 to 5.3.

none of the configure options are not working. Options like ES permissions and Identity management and Identity lookup's etc..

I did the backup before the upgrade and after, I found the problem in ES 5.3. So, that I kept all my old file back i.e, 5.2.2 and working fine.

Could anyone help with why none of the options under configure drop down are not working and throwing an 404 error and [object OBJECT] error even though I have all ESS_ADMIN rights and full permissions to whole SPLUNK directory.

Thanks in Advance and any help would be appreciated.

0 Karma
1 Solution

MaverickT
Communicator

We had simular issue, lots of objects were unaccessible, Splunk was constantly crashing... But we managed to resolve it.
It seems that it was connected to the issue SOLNESS-1877. We had to replace log.py in:
$SPLUNK_HOME\etc\apps\SA-Utils\lib\SolnCommon\log.py $SPLUNK_HOME\etc\apps\SplunkEnterpriseSecuritySuite\lib\SplunkEnterpriseSecuritySuite\log.py

For replacement we used log.py file from Enterprise Security release 5.2.2.

View solution in original post

0 Karma

MaverickT
Communicator

We had simular issue, lots of objects were unaccessible, Splunk was constantly crashing... But we managed to resolve it.
It seems that it was connected to the issue SOLNESS-1877. We had to replace log.py in:
$SPLUNK_HOME\etc\apps\SA-Utils\lib\SolnCommon\log.py $SPLUNK_HOME\etc\apps\SplunkEnterpriseSecuritySuite\lib\SplunkEnterpriseSecuritySuite\log.py

For replacement we used log.py file from Enterprise Security release 5.2.2.

0 Karma

satyaallaparthi
Communicator

Yes, I did raised a ticket with splunk team. They sent me the file and I replaced with new log.py and working fine now.

0 Karma

skalliger
Motivator

Hi,

this sounds like a permission problem. Did you check them? Maybe do a chown -R on the splunk directory again.

Skalli

0 Karma

satyaallaparthi
Communicator

Hello,
I am using splunk on Windows.

Yes I did checked for all permissions and I gave all permissions for everyone for the whole splunk directory in C drive.

0 Karma

skalliger
Motivator

I just heard that there are problems with 5.3.

You may want to file a support case. Perhaps either a fix is coming soon or you need to do a downgrade.

Skalli

0 Karma

satyaallaparthi
Communicator

Yes Skalliger, As i mentioned in the post I did downgraded to ES 5.2.2 again.

I raised a case with splunk a week back. Still, they are working on that and issue didn't resolved.

Thanks for your support 🙂

0 Karma
Get Updates on the Splunk Community!

Detecting Remote Code Executions With the Splunk Threat Research Team

WATCH NOWRemote code execution (RCE) vulnerabilities pose a significant risk to organizations. If exploited, ...

Enter the Splunk Community Dashboard Challenge for Your Chance to Win!

The Splunk Community Dashboard Challenge is underway! This is your chance to showcase your skills in creating ...

.conf24 | Session Scheduler is Live!!

.conf24 is happening June 11 - 14 in Las Vegas, and we are thrilled to announce that the conference catalog ...