Splunk Enterprise
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

URA reports incompatanility with JQuery 3.5

fatsug
Builder
‎09-17-2024 08:28 AM

I get weekly email updates with results from weekly URA scans. After noticing that we had outdated apps we rolled out updates for three public apps, Sankey Diagram, Scalable Vector Graphics and Splunk Dashboard Examples.

In our testing environment URA is now content and all apps pass jQuery scans without issues. However, in our production environment URA scan still fails in all three apps.

It does not specify which files or of there is a problem om one or all instances so I don’t know what is causing the results. I have double and triple checked the apps comparing hash values for every file both on the deployment server and on all individual test and production search heads.

Everything except for the “install hash” in “meta.local” is identical in both test and production environment. Apps are all identical between cluster members in test and production environment respectively.

There are not additional files present on any search head in the production environment.

Why is URA still failing these apps only in the production environment? How can I identify the reason for the scan failures as I they should all pass in both environments, being identical and all.

Any and all suggestions are most welcome

All the best

Labels (2)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

marnall
Motivator
‎09-17-2024 01:43 PM

You can export the results of the scan in JSON format, then look inside for the individual checks and their results. Find entries with "Result":"BLOCKER", as the messages should indicate why the app is failing the check, and should include the problematic file path.

I use Notepad++ with the JStools extension to JSFormat and make the json file readable.

 

View solution in original post

Reply
Solved! Jump to solution
Solution

marnall
Motivator
‎09-17-2024 01:43 PM

You can export the results of the scan in JSON format, then look inside for the individual checks and their results. Find entries with "Result":"BLOCKER", as the messages should indicate why the app is failing the check, and should include the problematic file path.

I use Notepad++ with the JStools extension to JSFormat and make the json file readable.

 

Reply
Solved! Jump to solution

fatsug
Builder
‎09-23-2024 04:30 AM

Sorry for the delay

Exporting the scan results did provide additional information, as with most other apps the problem is with "backups" of older versions of the app

".../default.old.20240828…i/views/attribution.xml"

So URA is triggering on "old" folders which are no longer active. The remaining questions hence is "to delete or not to delete"? I know I've participated in these discussions before.

For "private" apps I could normally just ignore a specific search path for an app, this is not possible for the "splunk base app". So either I have to ingore the "failing" (false positives) apps completely, or manually delete "old" folders.

What is the "best praxis" here?

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey

Can’t make it to .conf25? Join us online!

Watch Global Broadcast
Get Updates on the Splunk Community!

Community Content Calendar, September edition

Welcome to another insightful post from our Community Content Calendar! We're thrilled to continue bringing ...

Splunkbase Unveils New App Listing Management Public Preview

Splunkbase Unveils New App Listing Management Public PreviewWe're thrilled to announce the public preview of ...

Leveraging Automated Threat Analysis Across the Splunk Ecosystem

Are you leveraging automation to its fullest potential in your threat detection strategy?Our upcoming Security ...