Splunk Enterprise

Upgraded SH to 8.1.9, and Monitory Console doesn't see anything under Overview

mello920
Path Finder

Hello,

I upgraded our office's Search Head (SH) to 8.1.9 from 8.0.4. On the previous version, MC wouldn't even load. Now that it does, the Overview Window just says "Searching for..." (See screenshot below). But I can do a search for my indexer or forwarder and other events in the Search App. Not sure what I am missing with the MC setup. Other tabs like the Health Check work.

Any suggestions or help are greatly appreciated! Thank you very much.

 

V/r,

mello920

 

MC Error.png

Labels (3)
0 Karma
1 Solution

mello920
Path Finder

Rest API Calls were blocked by our WAF. Once they were unblocked, the monitoring console started behaving as normal.

View solution in original post

0 Karma

mello920
Path Finder

Rest API Calls were blocked by our WAF. Once they were unblocked, the monitoring console started behaving as normal.

0 Karma

isoutamo
SplunkTrust
SplunkTrust

Good to find the real root cause.

FYI: there are one another same kind of MC issue on 8.1.9 Monitoring Console issues where it shows some values as N/A instead of correct ones.

r. Ismo

mello920
Path Finder

Hello,

I have access to the internal indexes, instances are up and everything is configured correctly in the 'Setup' page. Everything's working, data is being indexed and I can search the data. Nothing in the splunkd.logs stands out. I compared the MC settings to our production environment, and they match this "test" enviroment.

Could it be resource issue? I noticed that the Prod Env has twice the cpu/memory as the Test Env that I'm trying to get working.

0 Karma

richgalloway
SplunkTrust
SplunkTrust

Yes, it could be a resources problem.  The MC is a search head and, as such, needs sufficient resources to function.  Also, the indexers need sufficient resources to process searches generated by the MC.

---
If this reply helps you, Karma would be appreciated.
0 Karma

richgalloway
SplunkTrust
SplunkTrust

Do you have access to the internal indexes?  The MC gets its data from them.

Have you followed the suggestions in the displayed error message?  Have you checked splunkd.log?

---
If this reply helps you, Karma would be appreciated.
0 Karma
Get Updates on the Splunk Community!

Splunk Training for All: Meet Aspiring Cybersecurity Analyst, Marc Alicea

Splunk Education believes in the value of training and certification in today’s rapidly-changing data-driven ...

The Splunk Success Framework: Your Guide to Successful Splunk Implementations

Splunk Lantern is a customer success center that provides advice from Splunk experts on valuable data ...

Investigate Security and Threat Detection with VirusTotal and Splunk Integration

As security threats and their complexities surge, security analysts deal with increased challenges and ...