Splunk® Enterprise

Upgrade Readiness

Splunk Enterprise version 8.2 is no longer supported as of September 30, 2023. See the Splunk Software Support Policy for details. For information about upgrading to a supported version, see How to upgrade Splunk Enterprise.

Act on jQuery scan results with the Upgrade Readiness App

After you scan your Splunk platform instance with the Upgrade Readiness App, you can review and act on the results to remove dependencies on lower versions of jQuery from your deployment.

Public apps

Review and act on the scan results for all your public apps. Public apps are apps that are available on Splunkbase.

The Upgrade Readiness App scan results include Splunk-supported apps and third-party apps supported by partners and developers. App owners are responsible for updating their apps and releasing new versions after removing jQuery vulnerabilities.

If you've extended an app or customized anything locally, review the results for any custom file paths that you've added to that app and take action on those to prepare for the upgrade. Otherwise, you can wait for the app owner to make updates.

For third-party apps, you can contact the developer directly using their contact details on Splunkbase to learn more about their upgrade plans. If the developer does not plan to update the app, you can make the updates yourself using the guidance in the private scan checks.

If you have a version of a public app that is failing, but a compatible version is available on Splunkbase, then the scan results direct you to download that version from Splunkbase to pass the check.

The Public App status fails and displays a warning icon for any public app that does not have a version available in the splunkbase.csv list. This list is shipped with the app and updates at 7 minutes past every eight hour in a sync to SplunkbaseIn the event that a connection to Splunkbase fails, the most recent or the shipped CSV report is used in respective order as a failsafe.

To identify what is causing your public app to fail, you can export the results of the scan to download a JSON scan report.

Private apps

Review and act on the scan results for all your private apps. Private apps are apps that are private to your organization and are not available on Splunkbase.

Resolve blocking issues in your private apps and your customized Splunkbase apps, if any. Check all other file paths flagged by the app and determine what actions to take to make them upgrade-ready.

If one or more checks in an app is marked SKIPPED, this means that the Upgrade Readiness App wasn't able to complete the check due to the way the app is packaged. You can repackage the app using the Splunk Packaging Toolkit and run the scan again, or check for the upgrade compatibility issues manually. For more information, see Package apps for Splunk Cloud Platform or Splunk Enterprise using the Splunk Packaging Toolkit on the Splunk Developer Portal.

Apps that have no jQuery vulnerabilities are marked as PASSED. After the app is marked PASSED, test the app thoroughly to determine whether you need to take any further action.

Public and private apps

Review and act on the scan results with methods that apply to both public and private apps.

Dismiss file paths

The Upgrade Readiness App lets you dismiss individual file paths from the scan results. Dismiss file paths after you verify that they have no jQuery vulnerabilities to narrow down the list to files that still require attention.

When you dismiss a file path, you'll be able to see such files in a separate table, and they won't be accounted as a failure in subsequent scans.

If you've previously dismissed a file, but it is included in a scan despite being marked as an exception, optionally use the following command to remove the file directly from the dismiss lookup:

curl -k -u admin:changeme -X DELETE https://localhost:8089/servicesNS/nobody/python_upgrade_readiness_app/storage/collections/data/jra_remote_dismiss_file

Dismiss apps

The Upgrade Readiness App lets you dismiss both public and private apps from the scan results. Dismiss apps after you verify that they have no jQuery vulnerabilities to narrow down the list to apps that still require attention.

When you dismiss an app, that app is marked as an exception and it won't be accounted as a failure in the subsequent scans. You'll still be able to execute scans on that app and view results.

If you've previously dismissed an app, but it is included in a scan despite being marked as an exception, optionally use the following command to remove the app directly from the dismiss lookup:

curl -k -u admin:changeme -X DELETE https://localhost:8089/servicesNS/nobody/python_upgrade_readiness_app/storage/collections/data/jra_remote_dismiss_app

Reinstating dismissed file

Take one of the following actions if you accidentally dismiss an app or file path and want to reinstate it in future scans:

  • If you're using Splunk Enterprise, delete the Upgrade Readiness App from your instance and then reinstall it. This method is only available in Splunk Enterprise, not in Splunk Cloud Platform.
  • Run the following command in the Search & Reporting app to recover all the file paths you have ever dismissed:
    | outputlookup jra_remote_dismiss_file
    
  • Run the following command in the Search & Reporting app to recover all the apps you have ever dismissed:
    | outputlookup jra_remote_dismiss_app
    
Last modified on 25 January, 2023
Act on Python scan results with the Upgrade Readiness App   REST API reference for the Upgrade Readiness App

This documentation applies to the following versions of Splunk® Enterprise: 8.2.0, 8.2.1, 8.2.2, 8.2.3, 8.2.4, 8.2.5, 8.2.6, 8.2.7, 8.2.8, 8.2.9, 8.2.10, 8.2.11, 8.2.12, 9.0.0, 9.0.1, 9.0.2, 9.0.3, 9.0.4, 9.0.5, 9.0.6, 9.0.7, 9.0.8, 9.0.9, 9.0.10, 9.1.0, 9.1.1, 9.1.2, 9.1.3, 9.1.4, 9.1.5, 9.1.6, 9.1.7, 9.2.0, 9.2.1, 9.2.2, 9.2.3, 9.2.4, 9.3.0, 9.3.1, 9.3.2, 9.4.0


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters