Splunk IT Service Intelligence
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

After ITSI migration to 3.0, the services are empty, ERROR: Parameter "name" must be 100 characters or less

yannK
Splunk Employee
Splunk Employee
‎10-25-2017 01:47 PM

I did an upgrade of my ITSI to 3.0, and in the process I saw some errors in the itsi_migration.log

2017-10-23 09:53:36,941 INFO [itsi.migration] [base_migration_interface] [_get_object_file_list] [23596] obtain the local storage target file list: ['D:\\Splunk\\var\\itsi\\migration_helper\\kpi_base_search___0.json']
2017-10-23 09:53:41,783 ERROR [itsi.migration] [migration] [migration_bulk_save_to_kvstore] [23596] [HTTP 400] Bad Request; [{'type': 'ERROR', 'text': 'Parameter "name" must be 100 characters or less.', 'code': None}]

Now the service panel does not load, and I had to rollback to ITSI 2.6.*

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

yannK
Splunk Employee
Splunk Employee
‎10-25-2017 01:52 PM

We found that the long object was a Service KPI search, relying on a base search from the module DA-ITSI-ITSI-Health-Check-Module

search :
[DA-ITSI-ITSI-Health-Check-Module-DA-ITSI-ITSI-Health-Check-Module_ITSI-Health_Splunk.Searches]

Saved Search Name that was too long : (128 chars > 100 char limit)
Indicator - Shared - DA-ITSI-ITSI-Health-Check-Module-DA-ITSI-ITSI-Health-Check-Module_ITSI-Health_Splunk.Searches - ITSI Search

The problem was that the objects in the kvstore was a combination of the service, indicator and base search name, and went over the limit.

Solution :
- once rolled back to 2.6.*
- go to configuration > services , and find the service calling that base search, and delete it
- stop splunk
- redo the upgrade to 3.0
- check the services after

PS : As the app/module DA-ITSI-ITSI-Health-Check-Module has been deprecated, it's better to remove the module anyway.

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

yannK
Splunk Employee
Splunk Employee
‎10-25-2017 01:52 PM

We found that the long object was a Service KPI search, relying on a base search from the module DA-ITSI-ITSI-Health-Check-Module

search :
[DA-ITSI-ITSI-Health-Check-Module-DA-ITSI-ITSI-Health-Check-Module_ITSI-Health_Splunk.Searches]

Saved Search Name that was too long : (128 chars > 100 char limit)
Indicator - Shared - DA-ITSI-ITSI-Health-Check-Module-DA-ITSI-ITSI-Health-Check-Module_ITSI-Health_Splunk.Searches - ITSI Search

The problem was that the objects in the kvstore was a combination of the service, indicator and base search name, and went over the limit.

Solution :
- once rolled back to 2.6.*
- go to configuration > services , and find the service calling that base search, and delete it
- stop splunk
- redo the upgrade to 3.0
- check the services after

PS : As the app/module DA-ITSI-ITSI-Health-Check-Module has been deprecated, it's better to remove the module anyway.

0 Karma
Reply
Get Updates on the Splunk Community!

Modern way of developing distributed application using OTel

Recently, I had the opportunity to work on a complex microservice using Spring boot and Quarkus to develop a ...

Enterprise Security Content Update (ESCU) | New Releases

Last month, the Splunk Threat Research Team had 3 releases of new security content via the Enterprise Security ...

Archived Metrics Now Available for APAC and EMEA realms

We’re excited to announce the launch of Archived Metrics in Splunk Infrastructure Monitoring for our customers ...