Splunk Search

Splunk Enterprise Security Content Management blank



I performed a "fresh" installation of ES 4.6.1 in a search head cluster through deployer. Splunk app version is 8.0.9. 

The apps for the ES were pulled from a repository solution to deployer and then pushed to the search cluster. When I try to open the content management it is stuck in blank and the Incident Review displaying "Operation Failed, Internal Error. __enter__" error.

Is there any log file I might check and permission I need to change a this behavior is quite strange?

Thank you in advance

Labels (1)
0 Karma


Splunk 8.0.9 does not support ES 4.6.1.  That's an antique version of ES.  Try an older (unsupported) version of Splunk or a newer version of ES.

If this reply helps you, Karma would be appreciated.
0 Karma
Get Updates on the Splunk Community!

Data Preparation Made Easy: SPL2 for Edge Processor

By now, you may have heard the exciting news that Edge Processor, the easy-to-use Splunk data preparation tool ...

Introducing Edge Processor: Next Gen Data Transformation

We get it - not only can it take a lot of time, money and resources to get data into Splunk, but it also takes ...

Tips & Tricks When Using Ingest Actions

Tune in to learn about:Large scale architecture when using Ingest ActionsRegEx performance considerations ...