All Apps and Add-ons

Getting invalid routing group error in splunk cef output.log

prasad_mehta23
Engager

We have cluster deployment setup. I installed Splunk App for CEF on search head and created a data model and CEF output.
Then exported the add-on and install on Splunk indexer through Cluster-Master. Require firewall and routing is fine. But i am getting below error in cefout.log

DEBUG ARGS: [u'routing=broker']
WARNING Invalid routing group 'broker'

Note:broker is my search name in cef output.

Could anyone let me know , why this invalid routing error appears? Whats its significance? How to fix this?

DavidH1
Explorer

I had this exact issue, but I am on a clustered search head and clustered indexer environment. If you run the search command manually (go to Search Head -> Settings -> Searches, Reports, and Alerts -> App: Splunk App for CEF -> Run ) you get the same error as https://answers.splunk.com/answers/538377/splunk-app-for-cef-how-to-resolve-error-search-fac.html -- "Search Factory: Unknown search command 'cefout'".

To fix this I moved the bin folder and the commands.conf to the Splunk_TA_cefout app on the indexers and it resolved my issue.

abdulaziz_991
Engager

have same issue

0 Karma
Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...