Splunk Enterprise Security

Splunk PCI App Notable Events no longer being generated or web page available

mux
Explorer

We recently upgraded our Splunk installation from 6.1.6 to 6.4.1. As part of the follow-up work around this we needed to upgrade our PCI App from 2.1.1 to 3.0.1 to 3.1.0. Now that everything is upgraded, the Notable Events pages in the PCI app do not render in the web browser or generate events currently. We have tried several different browsers, but nothing shows up for Configure -> Incident Management -> New Notable Event, just a title and a blank white test bar in the middle of the page, so we cannot even see the notable events except through the settings menu. Seeing if anyone else has seen this?

0 Karma

sloshburch
Splunk Employee

Are we sure you're in Splunk_DA-ESS_PCICompliance? Also, I think Enterprise Security Suite should not be visible.

0 Karma

sloshburch
Splunk Employee

Can you post a sanitized (blur out corporate info) screenshot? Are all the apps enabled? I remember you disabled a TA during the upgrade issues you faced.

0 Karma

mux
Explorer

Name Folder name Version Update checking Visible Sharing Status Actions
PCI Compliance SplunkPCIComplianceSuite 2.1.1 Yes Yes Global | Permissions Disabled | Enable

PCI Compliance Install App SplunkPCIComplianceSuiteInstaller 2.1.1 Yes Yes App | Permissions Enabled | Disable Launch app | Edit properties | View objects | View details on SplunkApps

PCI Compliance Splunk_DA-ESS_PCICompliance 3.1.0 Yes Yes Global | Permissions Enabled Launch app | Edit properties | View objects | View details on SplunkApps

SA-AccessProtection SA-AccessProtection 4.1.0 Yes No Global | Permissions Enabled | Disable Edit properties | View objects

SA-AuditAndDataProtection SA-AuditAndDataProtection 4.1.0 Yes No Global | Permissions Enabled | Disable Edit properties | View objects

SA-EndpointProtection SA-EndpointProtection 4.1.0 Yes No Global | Permissions Enabled | Disable Edit properties | View objects

SA-IdentityManagement SA-IdentityManagement 4.1.0 Yes No Global | Permissions Enabled | Disable Edit properties | View objects

SA-NetworkProtection SA-NetworkProtection 4.1.0 Yes No Global | Permissions Enabled | Disable Edit properties | View objects

SA-ThreatIntelligence SA-ThreatIntelligence 3.7.0 Yes No Global | Permissions Enabled | Disable Set up | Edit properties | View objects

SA-UEBA SA-UEBA 4.1.0 Yes No Global | Permissions Enabled | Disable Edit properties | View objects

SA-Utils SA-Utils 3.7.0 Yes No Global | Permissions Enabled | Disable Edit properties | View objects

0 Karma

sloshburch
Splunk Employee

Ew that formats nastily. I believe you had manually disabled one of the TAs to get through a support case. I wanted to make sure that one was since re-enabled. I do see that the 'PCI Compliance SplunkPCIComplianceSuite 2.1.1' app is disabled. Is that desired/intentional?

Lastly, I'm still interested in seeing the screenshot of the symptom you described where "the PCI app does not render in the web browser or generate events".

0 Karma

mux
Explorer

I do see this error in the web log as well, with a 404 error trying to access the correlation searches:

"GET /en-US/custom/SA-ThreatIntelligence/correlation_searches/get_searches?output_mode=json&count=-1&namespace=Splunk_DA-ESS_PCICompliance&_=1467911199246 HTTP/1.1" 404 1376 "https://splwwwsec01.llbean.com:8000/en-US/app/Splunk_DA-ESS_PCICompliance/ess_content_management" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)" - 577e8c207d7f258c2db8d0 8ms

0 Karma
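Added example, not part of the original thread: a small Python parser that scans Splunk Web access-log lines like the one quoted above and counts 404 responses on `/custom/<app>/...` endpoints, grouped by the app that serves the endpoint and the `namespace` that requested it. The sample lines, their host, IP, user and timestamp prefix are constructed, and the function name is hypothetical.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qs

# Quoted request and status code, as they appear in the line quoted in the thread.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3}) ')
# Path layout seen in that line: /<locale>/custom/<app>/<controller>/<action>
CUSTOM_RE = re.compile(
    r'^/[^/]+/custom/(?P<app>[^/]+)/(?P<controller>[^/]+)(?:/(?P<action>[^/]+))?'
)


def failed_custom_endpoints(lines):
    """Count 404s on app-provided custom endpoints.

    Keys are (serving app, controller/action, requesting namespace).
    """
    hits = Counter()
    for line in lines:
        m = REQUEST_RE.search(line)
        if not m or m.group("status") != "404":
            continue
        url = urlsplit(m.group("target"))
        c = CUSTOM_RE.match(url.path)
        if not c:
            continue  # a 404 on something other than a custom app endpoint
        namespace = parse_qs(url.query).get("namespace", ["-"])[0]
        endpoint = "/".join(p for p in (c.group("controller"), c.group("action")) if p)
        hits[(c.group("app"), endpoint, namespace)] += 1
    return hits


# Constructed sample lines (prefix fields and host are assumptions, not from the thread).
PREFIX = '10.0.0.5 - admin [07/Jul/2016:13:06:39.246 -0400] '
REFERER = '"https://splunk.example.com:8000/en-US/app/Splunk_DA-ESS_PCICompliance/ess_content_management"'
QUERY = '?output_mode=json&count=-1&namespace=Splunk_DA-ESS_PCICompliance&_='
SAMPLE = [
    PREFIX + '"GET /en-US/custom/SA-ThreatIntelligence/correlation_searches/get_searches'
    + QUERY + '1467911199246 HTTP/1.1" 404 1376 ' + REFERER + ' "Mozilla/5.0" - aaa111 8ms',
    PREFIX + '"GET /en-US/custom/SA-ThreatIntelligence/correlation_searches/get_searches'
    + QUERY + '1467911205113 HTTP/1.1" 404 1376 ' + REFERER + ' "Mozilla/5.0" - aaa112 7ms',
    PREFIX + '"GET /en-US/app/Splunk_DA-ESS_PCICompliance/ess_content_management HTTP/1.1"'
    ' 200 5120 "-" "Mozilla/5.0" - aaa113 12ms',
    PREFIX + '"GET /en-US/static/missing.png HTTP/1.1" 404 512 "-" "Mozilla/5.0" - aaa114 2ms',
]

if __name__ == "__main__":
    for (app, endpoint, ns), n in failed_custom_endpoints(SAMPLE).most_common():
        print(f"{n:4d}  app={app}  endpoint={endpoint}  namespace={ns}")
```

Grouping by the first path segment after `/custom/` shows which app is expected to serve the missing endpoint, which is the app whose enabled state and version are worth checking first.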

gfreitas
Builder

I have a similar problem, but not with this app; it was with the whole Splunk. I could only see the data using the private navigation on my browser. Maybe you can try that also.

0 Karma