I have had Splunk Stream up and running for a while, but after upgrading to 7.3.1 some of my Eventtypes that drive the Stream dashboards seem to have gone AWOL. For example, I am mainly using Stream to monitor my sql database activity (tds). The Admin dashboard for databases used to work just fine, but now it is throwing the error: Eventtype 'stream_agg_databases' does not exist or is disabled.
I checked the Eventtypes after reading a post that said sometimes Eventtypes are disabled on upgrades, but this one is gone altogether. So I was wondering if anyone knows how to restore the Eventtypes for Stream? Thanks.
OK, I have answered this myself. The permissions for the Event Types for Splunk_TA_stream were restricted to 'The App' which is Splunk_TA_Stream, bit of course the Stream App is splunk_stream_app ... So the fix is to enable the Permissions for All apps so that splunk_stream_app can access the Event Types.
OK, I have answered this myself. The permissions for the Event Types for Splunk_TA_stream were restricted to 'The App' which is Splunk_TA_Stream, bit of course the Stream App is splunk_stream_app ... So the fix is to enable the Permissions for All apps so that splunk_stream_app can access the Event Types.