Hi there, I've just upgraded to 6.0.0 however Splunk is reporting "
Dominik Britz Official comment
Matt was configuring uberAgent through GPO. After importing the GPO settings, everything worked as expected.
Hi, I have resolved the Splunk errors but I'm still not seeing any data being ingested from endpoints on v6.0.
I saw your mail to firstname.lastname@example.org. I'll respond there and post the solution publically here.
First of all, thank you so much for such a great product. I truly appreciate your hard work. With that being said, after upgrading ESM to 6.0 and installing ESA app, I have noticed a few error messages.
For ESA, I see the following.
Error in 'PivotProcessor': Error in 'PivotCell': The dataset 'Process_ProcessStartup' has no field 'IsProtected'.For ESM,Could not load lookup=LOOKUP-hashtypesI checked the lookups folder and it did not contain one called hashtypes.Looking forward to hear back from you. Thanks
Thanks for your kind words!
The field IsProtected and the lookup hashtypes are both new in version 6 of uberAgent's UXM Splunk app. Please update the Splunk app to the latest version.
See fields https://uberagent.com/docs/uberagent/latest/metrics/applications/application-and-process-startup/
I appreciate the quick response. You were right about upgrading to 6.0. Although I had installed the newer version in Splunk, I had skipped the documentation on how to do it correctly. After removing the existing version and then installing the newer one resolved the issues described above.