Hi,
Does anyone here experienced the same problem that we got. It just suddenly happened that the Service Analyzer we're working on suddenly turned on to a blank page. The search bar and the buttons are still there, even the tabs for deep dive, glass table, and so on are still visible but the service analyzer is just full white-blank page.
Hope to get answers here.
Btw, we are using version 4.3.0.
Having the same issue after upgrading from 4.4.5 to 4.7.0. We just tried going from our broken 4.7.0 to 4.9.0 in hopes that we would get our service analyzer back, instead, we are now getting a license error and ITSI is non-functional. Not sure what happened after 4.4.5 and Splunk 8.1.5 but we are now down and non-operational.
You might consider following the troubleshooting steps here? https://docs.splunk.com/Documentation/ITSI/4.6.0/Install/Troubleshoot#Why_are_things_missing_after_I...
Those steps are technically for post-upgrade, but going through them might help diagnose the problem. Just a shot in the dark.
Thanks @esnyder_splunk , looks like I'll be calling Splunk Support. The queries returned what looks like legitimate records with appropriate relationships for the Default Service Analyzer.
To whom it may concern, Splunk Support did provide a solution to my problem. Apparently there was a "permission" that was written to $SPLUNK_HOME/etc/apps/itsi/metadata/local.meta when I was exploring group permissions through the ITSI UI. The following was written to the end of the file:
[ ]
access = read : [ * ], write : [ * ]
export = none
version = 8.0.3
Deleting that Stanza returned the Default Service Analyzer to its normal state, AND allowed the Service Health Score to re-appear on my (beta) Glass Table.
Note that I was also previously instructed to remove extraneous settings from $SPLUNK_HOME/etc/system/local/authorize.conf. It turns out that if you "save" anything for a role in Splunk Web, it writes the whole role to the local/authorize.conf, which is essentially a bunch of "<capability>=false" statements for the inherited capabilities. That alone did not fix it, but might also be related.
Many Thanks to Sung at Splunk Support! Thanks also to @EAR009, @esnyder_splunk, and @eduncan!
Happily Splunking Again!!!
I am also facing same issue in 4.4 version. Raised case with Splunk support but still no fix.
Just happened to me in version 4.4.3. Working one minute, and then not. Also have a Glass Table that shows the KPI Trendline, but not the Service Health Trendline. Was working on some roles by adding itoa_admin when it stopped working. Don't know why raising privs would cause limited displays.
@EAR009 Any answers from Splunk Support???
If you search the index itsi_summary do you see a consistent writing of events to the summary index? Also if you go to time picker and choose 15 min, does anything show?
Thanks @eduncan . Yes, a 15 min search of itsi_summary returned 21 events covering both the KPI and the Service Health Scores, as desired.
@timothywatson This kind of problems arise when we remove some app or add-on which comes with associated roles like winfra_adminin case of Windows TA.
To identify which role is creating issue, try accessing Maintenance window option from ITSI or any other configuration related dropdown which will throw 404 about missing role.
Solution for this issue is, we have to remove that specific role from passwd file from $SplunkHome/etc or try creating the role manually in access controls. After refresh platform will work asusual and this manually created role will be removed automatically after few seconds.
@EAR009I created Maintenance window without issue. No 404 error written to screen or in recent _internal events. Can you be more specific about detecting the "missing" role? Not even the Admin User is able to see the Default Service Analyzer. Did you only have the issue for certain users? Is there anything in the logs that will identify the issue?
Do you have a link to the bug report?
@timothywatson If the problem is related to unavailable or deleted role, then it will create issue for the user with the specific role. Other users can visualize dashboards and views normally.
Please try with any other user account which doesn't hold any admin roles.