All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

A wrong configuration script (configure.sh) in Splunk Add-on for NetFlow Ver 3.0.1.

sunrise
Contributor
‎08-23-2015 09:58 PM

This post is not a question, but an enhancement request for Splunk Add-on for NetFlow Ver 3.0.1.
I installed Splunk Enterprise 6.2.5 and Splunk Add-on for NetFlow Ver 3.0.1 on a Linux server and configured it by "configure.sh" in this add-on.

Though I've done this almost default settings and transferred netflow packets to this UDP receiving port, I could not get any netflow packets in Splunk.

Reply
1 Solution
Solved! Jump to solution
Solution

sunrise
Contributor
‎08-23-2015 10:04 PM

In some tests, I got a solution to this issue.
I found that "configure.sh" may be wrong.

Original "configure.sh" in this App (Ver 3.0.1) includes following lines.
let keepDays=$keepDays-1
if [[ -z "$keepDays" ]]; then
keepDays="2"
fi

This causes wrong days to keep ascii flow logs in flowfix.sh which is executed by script stanza in inputs.conf.
find /opt/splunk625/etc/apps/Splunk_TA_flowfix/nfdump-ascii -type f -mtime +-1 -exec rm -f {} \;

So if you encounter this issue, you need to change flowfix.sh manually, or specify custom days during its configurations.

View solution in original post

Reply
Solved! Jump to solution

huns0004
Engager
‎09-04-2016 07:27 AM

I have also found this bug. Enter the days manually or change the script to do the null comparison first.

Disappointing that this has been out there for over a year and hasn't been fixed yet.

0 Karma
Reply
Solved! Jump to solution

thejohn
Path Finder
‎01-24-2016 02:44 PM

the script has major errors which results in a broken flowfix.sh file.

0 Karma
Reply
Solved! Jump to solution
Solution

sunrise
Contributor
‎08-23-2015 10:04 PM

In some tests, I got a solution to this issue.
I found that "configure.sh" may be wrong.

Original "configure.sh" in this App (Ver 3.0.1) includes following lines.
let keepDays=$keepDays-1
if [[ -z "$keepDays" ]]; then
keepDays="2"
fi

This causes wrong days to keep ascii flow logs in flowfix.sh which is executed by script stanza in inputs.conf.
find /opt/splunk625/etc/apps/Splunk_TA_flowfix/nfdump-ascii -type f -mtime +-1 -exec rm -f {} \;

So if you encounter this issue, you need to change flowfix.sh manually, or specify custom days during its configurations.

Reply
Get Updates on the Splunk Community!

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

The Transformative Power of AI and ML in Enhancing Observability   In the realm of IT operations, the ...

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...