Re: IPS app not working.

rblalock · ‎04-15-2013

I had it working, barely. One IPS module was reporting even though I had six I was trying to get data from. So I installed an update that appeared in the manager and that broke the app completely. I deleted the app folder and restarted Splunk, then I tried a fresh install of the app. Now I get a message that says the app is awaiting setup. I click the setup link and am prompted for the ip and credentials to add the sensor. When I enter the information and click save, I get this message.

Encountered the following error while trying to update: In handler 'localapps': Failed to search for existing Cisco IPS Sensor credential in app.conf!

I've no idea what this means. I hope somebody can help me.

rblalock · ‎04-15-2013

Where is local/app.conf?

The server is Ubuntu.

andrew_garvin · ‎04-15-2013

What operating system are you running on your Splunk server?

I tried to reproduce the error myself, but I can't. I tried removing and readding the app several different ways, but it worked every time. Here are a few things you can try.

Check permissions on local/app.conf
Are there any strange/foreign characters in local/app.conf?
Add a blank local/app.conf if one does not exist
Restart Splunkd

andrew_garvin · ‎04-15-2013

Sorry, I meant $SPLUNK_HOME\etc\apps\Splunk_CiscoIPS\local\app.conf

rblalock · ‎04-15-2013

Where is local/app.conf?

The server is Ubuntu.

IPS app not working.

Infographic provides the TL;DR for the 2023 Splunk Career Impact Report

Splunk Lantern | Getting Started with Edge Processor, Machine Learning Toolkit ...

Enterprise Security Content Update (ESCU) | New Releases