Splunk® Business Flow (Legacy)

User Manual

Splunk Business Flow is no longer available for purchase as of June 20, 2020. Customers who have already purchased Business Flow will continue to have support and maintenance per standard support terms for the remainder of contractual commitments.

Troubleshoot SBF

The following sections walk through common problems and their solutions in SBF.

Ajax error 0

When you install SBF, you might encounter the following error ajax error 0 in the Deployment Check Results dialog box under Testing browser connection.

Causes and solutions

The following table lists possible causes and solutions for the ajax error 0 error. The following table lists possible causes and solutions for the ajax error 0 error.

Cause Solution
You do not have a wireless or ethernet connection. Restore your network connection. Your search head and browser must be connected to the internet to use SBF.
Your firewall prevents you from accessing the app URL. Allow the app domain.


If you are connecting to the US domain, allow: https://us.businessflowapp.splunk.com

If you are connecting to the EU domain, allow: https://eu.businessflowapp.splunk.com

If you are connecting to the APAC domain, allow: https://apac.businessflowapp.splunk.com

You have a web browser plug-in installed, and the web browser plug-in prevents you from accessing the app URL. Allow the app domain.


If you are connecting to the US domain, allow: https://us.businessflowapp.splunk.com

If you are connecting to the EU domain, allow: https://eu.businessflowapp.splunk.com

If you are connecting to the APAC domain, allow: https://apac.businessflowapp.splunk.com

Risky searches in SBF

When you enter a search in a Flow Model, you might encounter the following error: Found risky search, aborting request.

Cause

In SBF, a risky search refers to a search that contains at least one of the following commands:

  • crawl
  • createrss
  • delete
  • dispatch
  • dump
  • input
  • internalinputcsv
  • outputcsv
  • outputlookup
  • rest
  • runshellscript
  • script
  • sendemail
  • stash
  • tagcreate
  • tagdelete
  • tscollect

Solution

Risky commands are prohibited in SBF. To find an alternate command, see the Command quick reference in the Slpunk Enterprise Search Reference.

Invalid _time field

When you preview a Flow Model or explore a Flow, you might encounter the invalid _time field error. SBF doesn't process events that contain invalid _time fields.

Causes

In SBF, there are a few possible causes for the invalid _time fields error.

  • You used a CSV lookup to upload data into your Splunk platform instance, and your data doesn't contain a _time field
  • The field that contains the timestamps in your data is not named _time
  • Your timestamps aren't formatted in UNIX time.

Solution

For SBF to process your events, your timestamps must be formatted in UNIX time and correspond to a field named _time. Use the eval command to create a _time field. For more, see Eval in the Splunk Enterprise Search Reference.

SBF app upgrade error

You might encounter the following error when you upgrade the SBF app from version 1.1.0 or older to the most recent version.
Error loading token: Failed to obtain cloud server value from cloud.conf: Not Found.

Causes

Upgrading the SBF app from SBF app version 1.1.0 or older.

Solution

Follow these steps to solve the cloud.conf upgrade error:

  1. Open the local/sbf.conf file.
  2. In the file, type [server]
  3. Under [server], add the URL for your server to the local/sbf.conf file.
    • US
    url_prod = https://us.businessflowapp.splunk.com
    • EU
    url_prod = https://eu.businessflowapp.splunk.com
    • APAC
    url_prod = https://apac.businessflowapp.splunk.com
  4. Restart Splunk.
Last modified on 15 June, 2020
Manage Notifications   Report an issue to SBF

This documentation applies to the following versions of Splunk® Business Flow (Legacy): -Latest-


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters