When upgrading to itsi 3.1.4 from 2.6.1 (splunk enterpriise version: 7.1.2) is successful, however when trying to access services, entities,bases searches , correlation searches , it shows no results. Although I can see glass tables but empty.
After upgrade already ran below script for global team access and restarted, but issue persisted.
https://answers.splunk.com/answers/672488/why-am-i-getting-errors-after-upgrading-splunk-it.html
some logs from internal index during the issue duration:
- Feel this is the cause of the issue but not sure what could have caused this access denied issue, found question related to this error but we didn't saw this error during backup/restore, so that is not the case for us. [link: https://answers.splunk.com/answers/726054/itsi-backup-and-restore-error-itoaaccessdeniederro.html]
ERROR [itoa.object] [itoa_exceptions] [init] [4607] [ITOA Access Denied Error]Access denied. You do not have permission to access this object.
ERROR [itsi.object.utils] [itsi_utils] [import_setting] [12756] Unable to import setting: kpi_threshold_template_8_stdev of type kpi_threshold_template, ignoring
Traceback (most recent call last):
File "/opt/splunk/etc/apps/SA-ITOA/lib/itsi/itsi_utils.py", line 1304, in import_setting
if object_of_type.get(owner, normalized_setting.get('_key', '')) is None:
File "/opt/splunk/etc/apps/SA-ITOA/lib/ITOA/itoa_object.py", line 648, in get
logger)
ItoaAccessDeniedError: Access denied. You do not have permission to access this object.
- This error stopped after executing the script for global team
ERROR [itoa.storage.statestore] [statestore] [get] [16992] [get_statestore_team] 404 Not Found on GET to /servicesNS/nobody/SA-ITOA/storage/collections/data/itsi_team/default_itsi_security_group
- +0100 ERROR AuthenticationManagerLDAP - user="xxxx" has matching LDAP groups with strategy="AD Active Directory", but none are mapped to Splunk roles
Anyone please help!!!
