All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Getting invalid routing group error in splunk cef output.log

prasad_mehta23
Engager
‎05-23-2017 11:16 PM

We have cluster deployment setup. I installed Splunk App for CEF on search head and created a data model and CEF output.
Then exported the add-on and install on Splunk indexer through Cluster-Master. Require firewall and routing is fine. But i am getting below error in cefout.log

DEBUG ARGS: [u'routing=broker']
WARNING Invalid routing group 'broker'

Note:broker is my search name in cef output.

Could anyone let me know , why this invalid routing error appears? Whats its significance? How to fix this?

Reply

DavidH1
Explorer
‎08-01-2017 12:37 PM

I had this exact issue, but I am on a clustered search head and clustered indexer environment. If you run the search command manually (go to Search Head -> Settings -> Searches, Reports, and Alerts -> App: Splunk App for CEF -> Run ) you get the same error as https://answers.splunk.com/answers/538377/splunk-app-for-cef-how-to-resolve-error-search-fac.html -- "Search Factory: Unknown search command 'cefout'".

To fix this I moved the bin folder and the commands.conf to the Splunk_TA_cefout app on the indexers and it resolved my issue.

Reply

abdulaziz_991
Engager
‎06-19-2017 02:42 AM

have same issue

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Observability Cloud’s AI Assistant in Action Series: Analyzing and ...

This is the second post in our Splunk Observability Cloud’s AI Assistant in Action series, in which we look at ...

Elevate Your Organization with Splunk’s Next Platform Evolution

 Thursday, July 10, 2025  |  11AM PDT / 2PM EDT Whether you're managing complex deployments or looking to ...

Splunk Answers Content Calendar, June Edition

Get ready for this week’s post dedicated to Splunk Dashboards! We're celebrating the power of community by ...
Top