Splunk ITSI
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

ITSI 4.4.1 recommended java version

pedro_77
New Member
‎01-16-2020 12:37 AM

Hello

I have some strange problems with ITSI and first i would like confirm that java version which i'm using is recommended one.
My setup is Windows 2016, SPlunk 8.0 and ITSI 4.4.1 and current java is:
OpenJDK8U-jdk_x64_windows_hotspot_8u232b09

I have warnings like this:
Unable initialize modular input itsi_license_checker defined in the app "SA-ITSI-Linceschecker":
Also we cannot create any episode via aggregation policy. Smart mode analyze cannot find any results/fields.
Could you share with me which version of ITSI and which version of java is working for sure?

Thank You
Br
Piotr

Labels (2)
0 Karma
Reply

waechtler_amaso
Explorer
‎01-22-2020 02:08 AM

Hi,

I tested with another java Version, i.e. the Oracle java 8 

java version "1.8.0_241"
Java(TM) SE Runtime Environment (build 1.8.0_241-b07)
Java HotSpot(TM) 64-Bit Server VM (build 25.241-b07, mixed mode)

This now works, no more error messages, and Episodes are now grouped

I guess it a problem of splunk parsing the java version string correctly

hth
Jan

0 Karma
Reply

waechtler_amaso
Explorer
‎01-20-2020 06:29 AM

I see similar problems:
When opening an existing or adding a new Aggregation Policy, I get:

Java version installed on this search head does not support Aggregation Policies, Java version 1.8 or greater is required.

I can still define Aggregation policies, but notable events are not beeing grouped into episodes

This is on splunk 8.0.1, ITSI 4.4.1 on a linux machine running this java version:
openjdk version "11.0.6" 2020-01-14
OpenJDK Runtime Environment (build 11.0.6+10-post-Debian-1deb10u1)
OpenJDK 64-Bit Server VM (build 11.0.6+10-post-Debian-1deb10u1, mixed mode, sharing)

MLTK 5.0.0 is installed and python.version=python3

According to the ITSI 4.4.1docs, this should all be fine

0 Karma
Reply
Get Updates on the Splunk Community!

Stay Connected: Your Guide to July Tech Talks, Office Hours, and Webinars!

What are Community Office Hours?Community Office Hours is an interactive 60-minute Zoom series where ...

Updated Data Type Articles, Anniversary Celebrations, and More on Splunk Lantern

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

A Prelude to .conf25: Your Guide to Splunk University

Heading to Boston this September for .conf25? Get a jumpstart by arriving a few days early for Splunk ...