Splunk Enterprise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Client did not get correct server class in Splunk DS 9.2.0.1

tatdat171
Loves-to-Learn
‎02-26-2024 07:54 PM

I am using Splunk Enterprise version 9.2.0.1 ( Upgraded from 9.0.5 to latest).
Before the upgrade, the Splunk deployment server is working as well.

When Splunk DS was upgraded to version 9.2.0.1, we saw issues with the client's server class.
Client name: EC2AMAZ-XXXXX
1. Client in DS server before upgraded (9.0.5)

Splunktatdat171_0-1709004792308.png

Server class: UF_input_WIN, UF_output

2. Client in DS server after upgraded (9.2.0.1)

tatdat171_1-1709005462444.png

Server class: UF_input_Linux, UF_output
The server class "UF_input_Linux" only filters by machine type Linux (see section 3 below). I did not know why this server class is applied to this windows client

3. "UF_input_Linux" Server class configuration

tatdat171_2-1709005764416.png

4. "UF_input_WIN" Server class configuration

Client is listed in the match list on UF_input_WIN server class

tatdat171_3-1709005887700.png

Is that a bug? The filter Machine type does not work correctly. I did not change any thing on server class & app when upgraded Splunk DS.

Does anyone know or meet this issue before? 

Labels (1)
Labels
0 Karma
Reply

Hardy_0001
Observer
‎03-06-2024 01:46 AM

@tatdat171  had you opened up a case with support?

0 Karma
Reply

tatdat171
Loves-to-Learn
‎03-06-2024 01:48 AM

Yes, I have opened case on Customer support (same time as this post). But they are still troubleshooting.

0 Karma
Reply

Hardy_0001
Observer
‎03-10-2024 01:34 AM

@tatdat171  I have also recently opened a case with Splunk support and it's in queue, not acknowledge yet. Please let me know if you have any updates/finding. Thank you.

 

0 Karma
Reply

Hardy_0001
Observer
‎03-05-2024 03:59 PM

@tatdat171  are you able to resolve this issue? checking because we are experiencing same issue.

0 Karma
Reply

tatdat171
Loves-to-Learn
‎03-05-2024 04:21 PM

Hi @Hardy_0001 , I am still facing with this issue. Could you please help me share your solution?

0 Karma
Reply

tatdat171
Loves-to-Learn
‎03-19-2024 11:43 PM

Hi @Hardy_0001 , Splunk team confirmed that is a bug on Splunk version 9.2.0.1.
The Splunk Dev team is working on that. We can wait until they release fix version 😄 

0 Karma
Reply
Get Updates on the Splunk Community!

Introducing the Splunk Community Dashboard Challenge!

Welcome to Splunk Community Dashboard Challenge! This is your chance to showcase your skills in creating ...

Built-in Service Level Objectives Management to Bridge the Gap Between Service & ...

Wednesday, May 29, 2024  |  11AM PST / 2PM ESTRegister now and join us to learn more about how you can ...

Get Your Exclusive Splunk Certified Cybersecurity Defense Engineer Certification at ...

We’re excited to announce a new Splunk certification exam being released at .conf24! If you’re headed to Vegas ...