After the ES 4.5 upgrade, the Incident Review tab can only be viewed properly with IE & Firefox; it's a blank dashboard in Chrome.
Splunk Enterprise 6.5 upgrade was completed a couple weeks ago, everything was working fine, then I did the ES 4.5 upgrade yesterday. No errors and everything seemed to work ok, but now Chrome won't display the Incident Review page.
I renamed the incident_review.xml view in local just in case there was some change made that caused it, so it's using the default 4.5 copy currently.
There are a bunch of 404 errors in the Chrome log regarding different .js files (these errors are not present in FF49 or IE11):
Uncaught Error: Script error for: sa-utils/js/util/SearchOptimizer
Uncaught Error: Script error for: sa-utils/js/lib/ES6Shim/shim.min
Uncaught Error: /en-US/static/@59c8927def0f/js/../app/SA-Utils/js/app/SA-Utils/js/templates/KeyIndicators.html HTTP status: 404
Uncaught Error: /en-US/static/@59c8927def0f/js/../app/SplunkEnterpriseSecuritySuite/js/app/SplunkEnterpriseSecuritySuite/js/templates/InvestigatorBar.html HTTP status: 404
Uncaught Error: /en-US/static/@59c8927def0f/js/../app/SplunkEnterpriseSecuritySuite/js/app/SplunkEnterpriseSecuritySuite/js/templates/TimelineSelectorTemplate.html HTTP status: 404
We are collecting syslog with a syslog collector, and dumping it to text files. Splunk ingests those txt files from the drive using the Splunk Universal Forwarder and everything works perfectly for all syslog events except the switch data from sourcetype cisco:ios. Every night there is a gap in the data from 12a-4a. Meanwhile, all other syslog data is indexed and reporting properly with nothing missing. Every sourcetype is using the same method and source syslog server. It's only this cisco:ios sourcetype during these hours. At 4:00am everything resumes like nothing ever happened. The text files contain data straight through the night, so it's not with the syslog server or the data collecting.
I am completely stumped.
Backups don't run at those times.
Has anyone ever seen anything like this? I feel like my sanity is being tested 🙂