Hi there, I've just upgraded to 6.0.0 however Splunk is reporting "
6.0 Errors - Dashboard and Agent
-
Answered
Hi there, I've just upgraded to 6.0.0 however Splunk is reporting "
Matt was configuring uberAgent through GPO. After importing the GPO settings, everything worked as expected.
Hi, I have resolved the Splunk errors but I'm still not seeing any data being ingested from endpoints on v6.0.
Hi Matt,
I saw your mail to support@uberagent.com. I'll respond there and post the solution publically here.
Hi there,
First of all, thank you so much for such a great product. I truly appreciate your hard work. With that being said, after upgrading ESM to 6.0 and installing ESA app, I have noticed a few error messages.
For ESA, I see the following.
Error in 'PivotProcessor': Error in 'PivotCell': The dataset 'Process_ProcessStartup' has no field 'IsProtected'.
Hi Usman,
Thanks for your kind words!
The field IsProtected and the lookup hashtypes are both new in version 6 of uberAgent's UXM Splunk app. Please update the Splunk app to the latest version.
See fields https://uberagent.com/docs/uberagent/latest/metrics/applications/application-and-process-startup/
Hi Dominik,
I appreciate the quick response. You were right about upgrading to 6.0. Although I had installed the newer version in Splunk, I had skipped the documentation on how to do it correctly. After removing the existing version and then installing the newer one resolved the issues described above.