Splunk Enterprise

Upgraded SH to 8.1.9, and Monitory Console doesn't see anything under Overview

mello920
Path Finder

Hello,

I upgraded our office's Search Head (SH) to 8.1.9 from 8.0.4. On the previous version, MC wouldn't even load. Now that it does, the Overview Window just says "Searching for..." (See screenshot below). But I can do a search for my indexer or forwarder and other events in the Search App. Not sure what I am missing with the MC setup. Other tabs like the Health Check work.

Any suggestions or help are greatly appreciated! Thank you very much.

 

V/r,

mello920

 

MC Error.png

Labels (3)
0 Karma
1 Solution

mello920
Path Finder

Rest API Calls were blocked by our WAF. Once they were unblocked, the monitoring console started behaving as normal.

View solution in original post

0 Karma

mello920
Path Finder

Rest API Calls were blocked by our WAF. Once they were unblocked, the monitoring console started behaving as normal.

0 Karma

isoutamo
SplunkTrust
SplunkTrust

Good to find the real root cause.

FYI: there are one another same kind of MC issue on 8.1.9 Monitoring Console issues where it shows some values as N/A instead of correct ones.

r. Ismo

mello920
Path Finder

Hello,

I have access to the internal indexes, instances are up and everything is configured correctly in the 'Setup' page. Everything's working, data is being indexed and I can search the data. Nothing in the splunkd.logs stands out. I compared the MC settings to our production environment, and they match this "test" enviroment.

Could it be resource issue? I noticed that the Prod Env has twice the cpu/memory as the Test Env that I'm trying to get working.

0 Karma

richgalloway
SplunkTrust
SplunkTrust

Yes, it could be a resources problem.  The MC is a search head and, as such, needs sufficient resources to function.  Also, the indexers need sufficient resources to process searches generated by the MC.

---
If this reply helps you, Karma would be appreciated.
0 Karma

richgalloway
SplunkTrust
SplunkTrust

Do you have access to the internal indexes?  The MC gets its data from them.

Have you followed the suggestions in the displayed error message?  Have you checked splunkd.log?

---
If this reply helps you, Karma would be appreciated.
0 Karma
Get Updates on the Splunk Community!

Discover Powerful New Features in Splunk Cloud Platform: Enhanced Analytics, ...

Hey Splunky people! We are excited to share the latest updates in Splunk Cloud Platform 9.3.2408. In this ...

Splunk Classroom Chronicles: Training Tales and Testimonials

Welcome to the "Splunk Classroom Chronicles" series, created to help curious, career-minded learners get ...

Access Tokens Page - New & Improved

Splunk Observability Cloud recently launched an improved design for the access tokens page for better ...