All Apps and Add-ons

Getting invalid routing group error in splunk cef output.log

prasad_mehta23
Engager

We have cluster deployment setup. I installed Splunk App for CEF on search head and created a data model and CEF output.
Then exported the add-on and install on Splunk indexer through Cluster-Master. Require firewall and routing is fine. But i am getting below error in cefout.log

DEBUG ARGS: [u'routing=broker']
WARNING Invalid routing group 'broker'

Note:broker is my search name in cef output.

Could anyone let me know , why this invalid routing error appears? Whats its significance? How to fix this?

DavidH1
Explorer

I had this exact issue, but I am on a clustered search head and clustered indexer environment. If you run the search command manually (go to Search Head -> Settings -> Searches, Reports, and Alerts -> App: Splunk App for CEF -> Run ) you get the same error as https://answers.splunk.com/answers/538377/splunk-app-for-cef-how-to-resolve-error-search-fac.html -- "Search Factory: Unknown search command 'cefout'".

To fix this I moved the bin folder and the commands.conf to the Splunk_TA_cefout app on the indexers and it resolved my issue.

abdulaziz_991
Engager

have same issue

0 Karma
Get Updates on the Splunk Community!

Take Your Breath Away with Splunk Risk-Based Alerting (RBA)

WATCH NOW!The Splunk Guide to Risk-Based Alerting is here to empower your SOC like never before. Join Haylee ...

Industry Solutions for Supply Chain and OT, Amazon Use Cases, Plus More New Articles ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Enterprise Security Content Update (ESCU) | New Releases

In November, the Splunk Threat Research Team had one release of new security content via the Enterprise ...