Memo of migrating from v7.3.1 to v8.0.0 on a single node (all-in-one) on Ubuntu.
Documents
Troubleshooting
Can not launch Splunk Web
Check web_service.log and confirm the following message.
2019-10-23 11:49:48,482 ERROR [5dafbfc81b7f77dab0c3d0] root:770 - invalid syntax (CFHiddenSearch.py, line 65)
Traceback (most recent call last):
File "/opt/splunk/lib/python3.7/site-packages/splunk/appserver/mrsparkle/root.py", line 132, in <module>
...
File "/opt/splunk/etc/apps/splunk_app_for_nix/appserver/modules/CFHiddenSearch/CFHiddenSearch.py", line 65
except splunk.ResourceNotFound, e:
^
SyntaxError: invalid syntax
Splunk Web will support only Python 3.7. Scripts that depend on Splunk Web (including custom CherryPy endpoints and Python in Mako templates) must be upgraded to use Python 3.7 syntax. from Splunk Enterprise - Python 3 Migration - Changes to Splunk Enterprise - Splunk Web
Workaround
Move splunk_app_for_nix from apps directory.
Improvents (I found)
_metrics Metrics type index
Following search shows load average metric data of my Unix/Linux UFs without additional apps.
| mstats prestats=t avg(spl.mlog.thruput.thruput.load_average)
WHERE index=_metrics span=15m by host
| timechart span=15min avg(spl.mlog.thruput.thruput.load_average) by host
The usual metrics.log (_internal index, splunkd sourcetype, Metrics component) have still exists.