Splunk Enterprise

Upgraded SH to 8.1.9, and Monitory Console doesn't see anything under Overview

mello920
Path Finder

Hello,

I upgraded our office's Search Head (SH) to 8.1.9 from 8.0.4. On the previous version, MC wouldn't even load. Now that it does, the Overview Window just says "Searching for..." (See screenshot below). But I can do a search for my indexer or forwarder and other events in the Search App. Not sure what I am missing with the MC setup. Other tabs like the Health Check work.

Any suggestions or help are greatly appreciated! Thank you very much.

 

V/r,

mello920

 

MC Error.png

Labels (3)
0 Karma
1 Solution

mello920
Path Finder

Rest API Calls were blocked by our WAF. Once they were unblocked, the monitoring console started behaving as normal.

View solution in original post

0 Karma

mello920
Path Finder

Rest API Calls were blocked by our WAF. Once they were unblocked, the monitoring console started behaving as normal.

0 Karma

isoutamo
SplunkTrust
SplunkTrust

Good to find the real root cause.

FYI: there are one another same kind of MC issue on 8.1.9 Monitoring Console issues where it shows some values as N/A instead of correct ones.

r. Ismo

mello920
Path Finder

Hello,

I have access to the internal indexes, instances are up and everything is configured correctly in the 'Setup' page. Everything's working, data is being indexed and I can search the data. Nothing in the splunkd.logs stands out. I compared the MC settings to our production environment, and they match this "test" enviroment.

Could it be resource issue? I noticed that the Prod Env has twice the cpu/memory as the Test Env that I'm trying to get working.

0 Karma

richgalloway
SplunkTrust
SplunkTrust

Yes, it could be a resources problem.  The MC is a search head and, as such, needs sufficient resources to function.  Also, the indexers need sufficient resources to process searches generated by the MC.

---
If this reply helps you, Karma would be appreciated.
0 Karma

richgalloway
SplunkTrust
SplunkTrust

Do you have access to the internal indexes?  The MC gets its data from them.

Have you followed the suggestions in the displayed error message?  Have you checked splunkd.log?

---
If this reply helps you, Karma would be appreciated.
0 Karma
Get Updates on the Splunk Community!

Stay Connected: Your Guide to November Tech Talks, Office Hours, and Webinars!

🍂 Fall into November with a fresh lineup of Community Office Hours, Tech Talks, and Webinars we’ve ...

Transform your security operations with Splunk Enterprise Security

Hi Splunk Community, Splunk Platform has set a great foundation for your security operations. With the ...

Splunk Admins and App Developers | Earn a $35 gift card!

Splunk, in collaboration with ESG (Enterprise Strategy Group) by TechTarget, is excited to announce a ...