0

6.0 Errors - Dashboard and Agent

Hi there, I've just upgraded to 6.0.0 however Splunk is reporting "

 Error in 'inputlookup' command: External command based lookup 'lookup_score_per_machine' is not available because KV Store initialization has failed. Contact your system administrator.
 
"
 
Also, endpoints on v6.0.0 are not reporting in, though older versions are.  Log shows no major issues.  Not sure how to share log file without making it public.

6 comments

  • Avatar
    Dominik Britz Official comment

    Matt was configuring uberAgent through GPO. After importing the GPO settings, everything worked as expected.

  • 0
    Avatar
    Matt McDougall

    Hi, I have resolved the Splunk errors but I'm still not seeing any data being ingested from endpoints on v6.0.

  • 0
    Avatar
    Dominik Britz

    Hi Matt,

    I saw your mail to support@uberagent.com. I'll respond there and post the solution publically here.

  • 0
    Avatar
    usman habib

    Hi there,

    First of all, thank you so much for such a great product. I truly appreciate your hard work. With that being said, after upgrading ESM to 6.0 and installing ESA app, I have noticed a few error messages. 

    For ESA, I see the following.

    Error in 'PivotProcessor': Error in 'PivotCell': The dataset 'Process_ProcessStartup' has no field 'IsProtected'.

    For ESM, 
     
    Could not load lookup=LOOKUP-hashtypes
     
    I checked the lookups folder and it did not contain one called hashtypes. 
     
    Looking forward to hear back from you. Thanks
     
  • 0
    Avatar
    Dominik Britz

    Hi Usman,

    Thanks for your kind words!

    The field IsProtected and the lookup hashtypes are both new in version 6 of uberAgent's UXM Splunk app. Please update the Splunk app to the latest version.

    See fields  https://uberagent.com/docs/uberagent/latest/metrics/applications/application-and-process-startup/

  • 0
    Avatar
    usman habib

    Hi Dominik,

    I appreciate the quick response. You were right about upgrading to 6.0. Although I had installed the newer version in Splunk, I had skipped the documentation on how to do it correctly. After removing the existing version and then installing the newer one resolved the issues described above. 

Please sign in to leave a comment.