Why can't I see most of the dashboards after migra...

christopherr_sp · ‎11-20-2018

Splunk Enterprise is migrated from 6.5.3 to 7.1.2 and also Splunk Enterprise Security App
has been upgraded from 4.7.1 to 5.1.1.

After the upgrade, most of the navigational dashboards are not visible anymore.

For example, inside Enterprise Security under Security Intelligence, you will see “Risk Analysis”,
“Protocol Intelligence”, “Threat Intelligence”, “User Intelligence” and “Web Intelligence”.

Now, after upgrade to 5.1.1, inside Enterprise Security Under Security Intelligence I can only see
“Risk Analysis”. I can only see that for Security Domains as well. “Identity” are not visible anymore.

christopherr_sp · ‎11-20-2018

Support logged a Bug with Development and it was confirmed as a Bug. After Splunk 4.7.x
SA (Security Add on)/DA (Domain Add on) apps were disabled before the post-installation setup.

During the 5.1.1 upgrade SAs were re-enabled, but DAs were not.

SOLNESS-17018 Navigation: Splunk ES 5.1.1 not showing most of the dashboards after migration from 4.7.1

The solution is to re-enable all DAs (Domain Add ons).

To re-enable apps click "Manage Apps" from the app dropdown on the navigation bar in ES or
navigate to https://examplehost.splunk.com:8000/en-US/manager/SplunkEnterpriseSecuritySuite/apps/local

(Replace: examplehost.splunk.com with the name of your host).

Why can't I see most of the dashboards after migration from ES 4.7.1 to Splunk Enterprise Security 5.1.1?

Enter the Dashboard Challenge and Watch the .conf24 Global Broadcast!

Join Us at the Builder Bar at .conf24 – Empowering Innovation and Collaboration

Combine Multiline Logs into a Single Event with SOCK - a Guide for Advanced Users