Splunk Enterprise Security

Why can't I see most of the dashboards after migration from ES 4.7.1 to Splunk Enterprise Security 5.1.1?

christopherr_sp
Splunk Employee
Splunk Employee

Splunk Enterprise is migrated from 6.5.3 to 7.1.2 and also Splunk Enterprise Security App
has been upgraded from 4.7.1 to 5.1.1.

After the upgrade, most of the navigational dashboards are not visible anymore.

For example, inside Enterprise Security under Security Intelligence, you will see “Risk Analysis”,
“Protocol Intelligence”, “Threat Intelligence”, “User Intelligence” and “Web Intelligence”.

Now, after upgrade to 5.1.1, inside Enterprise Security Under Security Intelligence I can only see
“Risk Analysis”. I can only see that for Security Domains as well. “Identity” are not visible anymore.

christopherr_sp
Splunk Employee
Splunk Employee

Support logged a Bug with Development and it was confirmed as a Bug. After Splunk 4.7.x
SA (Security Add on)/DA (Domain Add on) apps were disabled before the post-installation setup.

During the 5.1.1 upgrade SAs were re-enabled, but DAs were not.

SOLNESS-17018 Navigation: Splunk ES 5.1.1 not showing most of the dashboards after migration from 4.7.1

The solution is to re-enable all DAs (Domain Add ons).

To re-enable apps click "Manage Apps" from the app dropdown on the navigation bar in ES or
navigate to https://examplehost.splunk.com:8000/en-US/manager/SplunkEnterpriseSecuritySuite/apps/local

(Replace: examplehost.splunk.com with the name of your host).

Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...