- Splunk Answers
- :
- Splunk Premium Solutions
- :
- Security Premium Solutions
- :
- Splunk Enterprise Security
- :
- Re: Splunk PCI App Notable Events no longer being ...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Splunk PCI App Notable Events no longer being generated or web page available
We recently upgraded our Splunk installation from 6.1.6 to 6.4.1 As part of the follow up work around this we needed to upgrade our PCI App from 2.1.1. to 3.0.1 to 3.1.0, now that everything is upgraded the Notable Events pages in the PCI app does not render in the web browser, or generate events currently. We have tried several different browsers but nothings shows up for Configure -> Incident Management -> New Notable Event, just a title and a blank white test bar in the middle of the page so we cannot even see the notable events except thru the settings menu. Seeing if anyone else has seen this?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Are we sure you're in Splunk_DA-ESS_PCICompliance? Also, I think Enterprise Security Suite should not be visible.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Can you posted a sanitized (blur our corporate info) screen shot? Are all the apps enabled - I remember you disabled a TA during the upgrade issues you faced.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Name Folder name Version Update checking Visible Sharing Status Actions
PCI Compliance SplunkPCIComplianceSuite 2.1.1 Yes Yes Global | Permissions Disabled | Enable
PCI Compliance Install App SplunkPCIComplianceSuiteInstaller 2.1.1 Yes Yes App | Permissions Enabled | Disable Launch app | Edit properties | View objects | View details on SplunkApps
PCI Compliance Splunk_DA-ESS_PCICompliance 3.1.0 Yes Yes Global | Permissions Enabled Launch app | Edit properties | View objects | View details on SplunkApps
SA-AccessProtection SA-AccessProtection 4.1.0 Yes No Global | Permissions Enabled | Disable Edit properties | View objects
SA-AuditAndDataProtection SA-AuditAndDataProtection 4.1.0 Yes No Global | Permissions Enabled | Disable Edit properties | View objects
SA-EndpointProtection SA-EndpointProtection 4.1.0 Yes No Global | Permissions Enabled | Disable Edit properties | View objects
SA-IdentityManagement SA-IdentityManagement 4.1.0 Yes No Global | Permissions Enabled | Disable Edit properties | View objects
SA-NetworkProtection SA-NetworkProtection 4.1.0 Yes No Global | Permissions Enabled | Disable Edit properties | View objects
SA-ThreatIntelligence SA-ThreatIntelligence 3.7.0 Yes No Global | Permissions Enabled | Disable Set up | Edit properties | View objects
SA-UEBA SA-UEBA 4.1.0 Yes No Global | Permissions Enabled | Disable Edit properties | View objects
SA-Utils SA-Utils 3.7.0 Yes No Global | Permissions Enabled | Disable Edit properties | View objects
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Ew that formats nastily. I believe you had manually disabled one of the TAs to get through a support case. I wanted to make sure that one was since re-enabled. I do see that the 'PCI Compliance SplunkPCIComplianceSuite 2.1.1' app is disabled. Is that desired/intentional?
Lastly, I'm still interested in seeing the screenshot of the symptom you described where "the PCI app does not render in the web browser or generate events"
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I do see this error in the web log as well with a 404 error trying to access the correlation searches
"GET /en-US/custom/SA-ThreatIntelligence/correlation_searches/get_searches?output_mode=json&count=-1&namespace=Splunk_DA-ESS_PCICompliance&_=1467911199246 HTTP/1.1" 404 1376 "https://splwwwsec01.llbean.com:8000/en-US/app/Splunk_DA-ESS_PCICompliance/ess_content_management" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)" - 577e8c207d7f258c2db8d0 8ms
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I have a similar problem but not with this app, it was with the hole splunk. I could just saw the data using the private navigation on my browser. Maybe you can try that also
Routing logs with Splunk OTel Collector for Kubernetes
Welcome to the Splunk Community!
Tech Talk | Elevating Digital Service Excellence: The Synergy of Splunk RUM & APM
