Splunk Enterprise Security

Why can't I see most of the dashboards after migration from ES 4.7.1 to Splunk Enterprise Security 5.1.1?

Splunk Employee
Splunk Employee

Splunk Enterprise is migrated from 6.5.3 to 7.1.2 and also Splunk Enterprise Security App
has been upgraded from 4.7.1 to 5.1.1.

After the upgrade, most of the navigational dashboards are not visible anymore.

For example, inside Enterprise Security under Security Intelligence, you will see “Risk Analysis”,
“Protocol Intelligence”, “Threat Intelligence”, “User Intelligence” and “Web Intelligence”.

Now, after upgrade to 5.1.1, inside Enterprise Security Under Security Intelligence I can only see
“Risk Analysis”. I can only see that for Security Domains as well. “Identity” are not visible anymore.

Splunk Employee
Splunk Employee

Support logged a Bug with Development and it was confirmed as a Bug. After Splunk 4.7.x
SA (Security Add on)/DA (Domain Add on) apps were disabled before the post-installation setup.

During the 5.1.1 upgrade SAs were re-enabled, but DAs were not.

SOLNESS-17018 Navigation: Splunk ES 5.1.1 not showing most of the dashboards after migration from 4.7.1

The solution is to re-enable all DAs (Domain Add ons).

To re-enable apps click "Manage Apps" from the app dropdown on the navigation bar in ES or
navigate to https://examplehost.splunk.com:8000/en-US/manager/SplunkEnterpriseSecuritySuite/apps/local

(Replace: examplehost.splunk.com with the name of your host).

State of Splunk Careers

Access the Splunk Careers Report to see real data that shows how Splunk mastery increases your value and job satisfaction.

Find out what your skills are worth!