Splunk Enterprise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Client did not get correct server class in Splunk DS 9.2.0.1

tatdat171
Loves-to-Learn
‎02-26-2024 07:54 PM

I am using Splunk Enterprise version 9.2.0.1 ( Upgraded from 9.0.5 to latest).
Before the upgrade, the Splunk deployment server is working as well.

When Splunk DS was upgraded to version 9.2.0.1, we saw issues with the client's server class.
Client name: EC2AMAZ-XXXXX
1. Client in DS server before upgraded (9.0.5)

Splunktatdat171_0-1709004792308.png

Server class: UF_input_WIN, UF_output

2. Client in DS server after upgraded (9.2.0.1)

tatdat171_1-1709005462444.png

Server class: UF_input_Linux, UF_output
The server class "UF_input_Linux" only filters by machine type Linux (see section 3 below). I did not know why this server class is applied to this windows client

3. "UF_input_Linux" Server class configuration

tatdat171_2-1709005764416.png

4. "UF_input_WIN" Server class configuration

Client is listed in the match list on UF_input_WIN server class

tatdat171_3-1709005887700.png

Is that a bug? The filter Machine type does not work correctly. I did not change any thing on server class & app when upgraded Splunk DS.

Does anyone know or meet this issue before? 

Labels (1)
Labels
0 Karma
Reply

Hardy_0001
Observer
‎03-06-2024 01:46 AM

@tatdat171  had you opened up a case with support?

0 Karma
Reply

tatdat171
Loves-to-Learn
‎03-06-2024 01:48 AM

Yes, I have opened case on Customer support (same time as this post). But they are still troubleshooting.

0 Karma
Reply

Hardy_0001
Observer
‎03-10-2024 01:34 AM

@tatdat171  I have also recently opened a case with Splunk support and it's in queue, not acknowledge yet. Please let me know if you have any updates/finding. Thank you.

 

0 Karma
Reply

Hardy_0001
Observer
‎03-05-2024 03:59 PM

@tatdat171  are you able to resolve this issue? checking because we are experiencing same issue.

0 Karma
Reply

tatdat171
Loves-to-Learn
‎03-05-2024 04:21 PM

Hi @Hardy_0001 , I am still facing with this issue. Could you please help me share your solution?

0 Karma
Reply

tatdat171
Loves-to-Learn
‎03-19-2024 11:43 PM

Hi @Hardy_0001 , Splunk team confirmed that is a bug on Splunk version 9.2.0.1.
The Splunk Dev team is working on that. We can wait until they release fix version 😄 

0 Karma
Reply
Get Updates on the Splunk Community!

Modern way of developing distributed application using OTel

Recently, I had the opportunity to work on a complex microservice using Spring boot and Quarkus to develop a ...

Enterprise Security Content Update (ESCU) | New Releases

Last month, the Splunk Threat Research Team had 3 releases of new security content via the Enterprise Security ...

Archived Metrics Now Available for APAC and EMEA realms

We’re excited to announce the launch of Archived Metrics in Splunk Infrastructure Monitoring for our customers ...