Splunk Enterprise Security

Need assistance with ES error after upgrade from 5.2.2 to 5.3

Path Finder

I did upgraded my SPLUNK ES v5.2.2 to 5.3.

none of the configure options are not working. Options like ES permissions and Identity management and Identity lookup's etc..

I did the backup before the upgrade and after, I found the problem in ES 5.3. So, that I kept all my old file back i.e, 5.2.2 and working fine.

Could anyone help with why none of the options under configure drop down are not working and throwing an 404 error and [object OBJECT] error even though I have all ESS_ADMIN rights and full permissions to whole SPLUNK directory.

Thanks in Advance and any help would be appreciated.

0 Karma
1 Solution

Communicator

We had simular issue, lots of objects were unaccessible, Splunk was constantly crashing... But we managed to resolve it.
It seems that it was connected to the issue SOLNESS-1877. We had to replace log.py in:
$SPLUNK_HOME\etc\apps\SA-Utils\lib\SolnCommon\log.py $SPLUNK_HOME\etc\apps\SplunkEnterpriseSecuritySuite\lib\SplunkEnterpriseSecuritySuite\log.py

For replacement we used log.py file from Enterprise Security release 5.2.2.

View solution in original post

0 Karma

Communicator

We had simular issue, lots of objects were unaccessible, Splunk was constantly crashing... But we managed to resolve it.
It seems that it was connected to the issue SOLNESS-1877. We had to replace log.py in:
$SPLUNK_HOME\etc\apps\SA-Utils\lib\SolnCommon\log.py $SPLUNK_HOME\etc\apps\SplunkEnterpriseSecuritySuite\lib\SplunkEnterpriseSecuritySuite\log.py

For replacement we used log.py file from Enterprise Security release 5.2.2.

View solution in original post

0 Karma

Path Finder

Yes, I did raised a ticket with splunk team. They sent me the file and I replaced with new log.py and working fine now.

0 Karma

SplunkTrust
SplunkTrust

Hi,

this sounds like a permission problem. Did you check them? Maybe do a chown -R on the splunk directory again.

Skalli

0 Karma

Path Finder

Hello,
I am using splunk on Windows.

Yes I did checked for all permissions and I gave all permissions for everyone for the whole splunk directory in C drive.

0 Karma

SplunkTrust
SplunkTrust

I just heard that there are problems with 5.3.

You may want to file a support case. Perhaps either a fix is coming soon or you need to do a downgrade.

Skalli

0 Karma

Path Finder

Yes Skalliger, As i mentioned in the post I did downgraded to ES 5.2.2 again.

I raised a case with splunk a week back. Still, they are working on that and issue didn't resolved.

Thanks for your support 🙂

0 Karma
State of Splunk Careers

Access the Splunk Careers Report to see real data that shows how Splunk mastery increases your value and job satisfaction.

Find out what your skills are worth!