Activity Feed
- Posted Re: MC broken after upgrade to 8.2.7 on Installation. 08-05-2022 06:57 AM
- Karma Re: How to upgrade Mongo in Splunk 9.0.0? for amartin6. 06-30-2022 11:35 AM
- Posted Splunk App For AWS: Topology Not Loading (v6.0.3) on All Apps and Add-ons. 05-19-2022 10:23 PM
- Posted Why are dashboard buttons not displaying correctly? on Dashboards & Visualizations. 05-17-2022 01:55 PM
- Karma Re: Upgraded SH to 8.1.9, and Monitory Console doesn't see anything under Overview for isoutamo. 05-06-2022 07:45 AM
- Karma Re: Why isn't Health Check Running? for gcusello. 05-06-2022 07:42 AM
- Posted Re: Upgraded SH to 8.1.9, and Monitory Console doesn't see anything under Overview on Splunk Enterprise. 05-05-2022 11:32 PM
- Posted Re: Why isn't Health Check Running? on Monitoring Splunk. 05-05-2022 11:31 PM
- Posted Re: Unable to Create or Clone Dashboards after upgrading to Splunk Enterprise 8.2.6 on Dashboards & Visualizations. 05-05-2022 11:26 PM
- Posted Unable to Create or Clone Dashboards after upgrading to Splunk Enterprise 8.2.6 on Dashboards & Visualizations. 05-03-2022 02:05 PM
- Posted Disconnecting from Splunk Web on Splunk Enterprise. 04-29-2022 11:29 AM
- Posted Re: Health Check Doesn't Run on Monitoring Splunk. 04-22-2022 08:33 AM
- Posted Re: Health Check Doesn't Run on Monitoring Splunk. 04-22-2022 08:26 AM
- Posted Re: Health Check Doesn't Run on Monitoring Splunk. 04-21-2022 12:49 PM
- Posted Why isn't Health Check Running? on Monitoring Splunk. 04-21-2022 12:25 PM
- Posted Re: Upgraded SH to 8.1.9, and Monitory Console doesn't see anything under Overview on Splunk Enterprise. 04-17-2022 05:03 PM
- Posted Upgraded SH to 8.1.9, and Monitory Console doesn't see anything under Overview on Splunk Enterprise. 04-17-2022 12:39 AM
- Posted Re: Why are there missing clients under forwarder management after upgrading Search Head from 8.0.4 to 8.1.9? on Deployment Architecture. 04-14-2022 04:34 PM
- Posted Re: Why are there missing clients under forwarder management after upgrading Search Head from 8.0.4 to 8.1.9? on Deployment Architecture. 04-14-2022 07:25 AM
- Posted Why are there missing clients under forwarder management after upgrading Search Head from 8.0.4 to 8.1.9? on Deployment Architecture. 04-13-2022 11:22 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 |
08-05-2022
06:57 AM
Hello, I am having the same issue as well. Has there been any updates on your case or is there a way I can see it? I noticed you put the referenced number. New to Splunk!!
... View more
05-19-2022
10:23 PM
Hello, I have verified that sourcetype=aws:config is being ingested from AWS according to https://docs.splunk.com/Documentation/AWS/6.0.3/User/Topology. Still, nothing shows up under the Topology tab. The troubleshooting documentation references this: check that the Config: Topology Data Generator saved search is enabled I've looked for this saved search and it doesn't exist. I found other references on the Community saying that the Topology Data Generator search isn't found. Is that an error on Splunk's part for putting that in the documentation or am I missing something? Any help is greatly appreciated! V/r, mello920
... View more
Labels
- Labels:
-
configuration
-
troubleshooting
05-17-2022
01:55 PM
Hello,
For some reason the buttons in any of the dashboard panels under the Search & Reporting App displaying incorrectly. They either are misaligned, look like hyperlinks, or get all squished up. Any help is greatly appreciated! FYI: Dashboards themselves work fine in terms of displaying results.
See below:
V/r,
mello920
... View more
Labels
- Labels:
-
panel
05-05-2022
11:32 PM
Rest API Calls were blocked by our WAF. Once they were unblocked, the monitoring console started behaving as normal.
... View more
05-05-2022
11:31 PM
Appears to be related to our F5 WAF flagging the Splunk REST API calls. Our network engineer said they were flagged under "antivirus check". Once an exception to the policy was made, the health checks now run as intended.
... View more
05-05-2022
11:26 PM
Figured it out after getting Splunk OnDemand Support. Our WAF in the F5 was blocking all the Rest API Calls. Once we had our network engineer make an exception to policy, the error went away. Can create/clone dashboards again.
... View more
05-03-2022
02:05 PM
Hello,
I was able to create dashboards back in 8.1.9. After upgrading to 8.2.6, I get a weird error anytime I try to create a new dashboard or clone one (whether classic or studio). Haven't been able to find any information on it.
Any help is greatly appreciated!
V/r,
mello920
... View more
Labels
- Labels:
-
Dashboard Studio
-
simple XML
04-29-2022
11:29 AM
Hello, Does anyone have any idea why this keeps occuring? It happens to me about every 10 minutes. The session timeout is set to 60 minutes. We use SAML with Okta for authentication. I asked the Okta personnel and they said they have a 2 hour time out session. Any help is greatly appreciated! V/r, mello920
... View more
Labels
04-22-2022
08:33 AM
I'm not a Splunk Admin per se. Our office hasn't had one in a while. The Monitoring Console didn't even load when clicking on it when the SH was on 8.0.4. I performed the upgrade, and soon after I could actually go into the Monitoring Console. Compared to our Prod Env, it just isn't working properly. Yes, my user role is set with the "admin" rights. I tried to run the one check for "index status" in the Search App and I get "error in 'rest' command: Invalid argument: '/services/server/introspection/indexer'
... View more
04-21-2022
12:49 PM
Yes, I'm able to run regular searches outside the Monitoring Console. All the dashboards but the ones under Summary are not working. "Waiting for data" or "Couldn't create search". I updated the SH from 8.04 to 8.1.9.
... View more
04-21-2022
12:25 PM
Good Afternoon,
My Splunk Monitoring Console just doesn't seem to work. The Overview or any tab just can't populate their dashboards. I decided to run the Health Check, to see what could be wrong but everything just fails with: "search job stopped unexpectedly". I can search through my index.
I looked into splunkd.log and found no errors that correlate with the Monitoring Console. What could be causing this? Can I reinstall the Monitoring Console?
Any help is greatly appreciated. Thank you.
... View more
Labels
- Labels:
-
monitoring console
04-17-2022
05:03 PM
Hello, I have access to the internal indexes, instances are up and everything is configured correctly in the 'Setup' page. Everything's working, data is being indexed and I can search the data. Nothing in the splunkd.logs stands out. I compared the MC settings to our production environment, and they match this "test" enviroment. Could it be resource issue? I noticed that the Prod Env has twice the cpu/memory as the Test Env that I'm trying to get working.
... View more
04-17-2022
12:39 AM
Hello, I upgraded our office's Search Head (SH) to 8.1.9 from 8.0.4. On the previous version, MC wouldn't even load. Now that it does, the Overview Window just says "Searching for..." (See screenshot below). But I can do a search for my indexer or forwarder and other events in the Search App. Not sure what I am missing with the MC setup. Other tabs like the Health Check work. Any suggestions or help are greatly appreciated! Thank you very much. V/r, mello920
... View more
Labels
04-14-2022
04:34 PM
So figured it out! In my attempts to upgrade the SH (no Splunk experience lol), I thought I needed to update the Pass4SymmKey on all three servers (SH, Idx, HF). Didn't know that each UF in each Windows/Linux box has a similar configuration setup in terms of directories like the main servers. Realized that they also use the Pass4SymmKey. So uninstalled/reinstalled the UFs. I can see them all now in Forwarder Management. Thank you though!!!
... View more
04-14-2022
07:25 AM
Hello! Yes, the SH is the Deployment Master. I actually looked into the Apps/Server Classes in Forwarder Management and was able to click on the "Edit Clients" button. I can see the servers pre-filled in. So, I'm guessing they just stopped forwarding. From what I gathered from the office, on the Linux boxes the UF version is 8.0.5, and on the Window boxes, it's at least 8.2. Could the problem be that the SH is on 8.1.9 but the HF is not (8.0.4)? I realize there's a lot of work to do to get everything synced up to the same version...fun times!! Don't see any errors in splunkd.log for the SH. I verified that I can see metric logs coming in for the HF.
... View more
04-13-2022
11:22 AM
Hello, This is my first time asking a question on here, so apologies if there's some format to follow. My work center doesn't have a Splunk Admin/Engineer, so they asked if I could try upgrading Splunk since it's hosted on Linux and I'm a RHEL admin. My concern is there are no clients (besides the HF) showing up under Forwarder Management on Splunk Web. Am I supposed to re-add all the clients again? Or should they have started to communicate regardless? I know the indexer is working since we can search the latest AWS logs. But any Windows/Linux box doesn't show up anymore. All apps and indexes are showing, just no "deployed clients" underneath them. The SH is the master. Any help is greatly appreciated!
... View more
- Tags:
- search-head
- upgrade
Labels
- Labels:
-
forwarder management
-
search head
