All Apps and Add-ons

Error message received when configuring "Splunk Add-on for Unix and Linux"

splunkcloudnoob
Explorer

When I try to configure the "Splunk Add-on for Unix and Linux" app in Splunk Cloud I receive an error message that states: "There was an unexpected problem while saving the inputs. Please reload the page and try again."

This error message is vague and I am not sure what to do next.

Does anyone have a solution?

Labels (2)
0 Karma

richgalloway
SplunkTrust
SplunkTrust

What did you find in the log?

index=_internal source="*splunkd.log"
---
If this reply helps you, Karma would be appreciated.

splunkcloudnoob
Explorer

Here are a few of the messages in the log:

INFO TcpOutputProc - Found currently active indexer. Connected to idx=[Ip address]:9997, reuse=1

ERROR ExecProcessor - message from "Applications/SplunkForwarder/etc/apps/Splunk_TA_nix/bin/protocol.sh" netstat: sysctl: net.inet.ip.input_perf_data: No such file or directory

HttpListener - Socket error from [IP address] :33544 while idling: error:1407609C

INFO ChunkedLBProcessor - Failed to find EVENT_BREAKER regex in props.conf for sourcetype::Unix:Service. Reverting to the default EVENT_BREAKER regex for now

0 Karma

richgalloway
SplunkTrust
SplunkTrust
The INFO messages can be ignored. Since this is Splunk Cloud your options are fairly limited. Consider re-installing the app, if the GUI will let you, or opening a support ticket.
---
If this reply helps you, Karma would be appreciated.

splunkcloudnoob
Explorer

So I am currently on a 15 day free trial so apparently I am not entitled to open support tickets - I contacted the sales team via voicemail and via email.  I'll post back here once I have a solution.

0 Karma

figmentbritton
Engager

Did you get a response from support?

0 Karma
Get Updates on the Splunk Community!

Detecting Remote Code Executions With the Splunk Threat Research Team

WATCH NOWRemote code execution (RCE) vulnerabilities pose a significant risk to organizations. If exploited, ...

Enter the Splunk Community Dashboard Challenge for Your Chance to Win!

The Splunk Community Dashboard Challenge is underway! This is your chance to showcase your skills in creating ...

.conf24 | Session Scheduler is Live!!

.conf24 is happening June 11 - 14 in Las Vegas, and we are thrilled to announce that the conference catalog ...