Solved: Invalid key in stanza error for TA EdgeRouter X

Jon_Irish · ‎07-21-2017

I just installed TA EdgeRouter X in hopes of getting the syslog data from my Ubiquity UniFi USG into CIM compliance. It installed fine, but when I start Splunk, I see this error:

Invalid key in stanza [syslog] in /Applications/Splunk/etc/apps/TA-EdgeRouter_X/default/props.conf, line 20: EVAl-direction (value: case(dest_zone="WAN" AND dest_interface="eth0", "outbound", src_zone="WAN" AND src_interface="eth0", "inbound", src_zone="LOCAL" AND (dest_interface="eth1.172" OR dest_interface="eth1.192" OR dest_interface="eth1.10" ), "local", dest_interface != "eth0", "local" )).

Anyone have an idea of might might be wrong?

TIA,
Jon

jkat54 · ‎07-22-2017

This says evai not eval:

EVAl-direction

It's on line 20 in /Applications/Splunk/etc/apps/TA-EdgeRouter_X/default/props.conf

Change it to

EVAL-direction

And restart Splunk.

View solution in original post

jkat54 · ‎07-22-2017

This says evai not eval:

EVAl-direction

It's on line 20 in /Applications/Splunk/etc/apps/TA-EdgeRouter_X/default/props.conf

Change it to

EVAL-direction

And restart Splunk.

jkat54 · ‎07-23-2017

@jespencer

Jon_Irish · ‎07-23-2017

That did it, thanks a lot!

jespencer · ‎07-23-2017

fixed the typo. thanks.

Invalid key in stanza error for TA EdgeRouter X

New in Observability - Improvements to Custom Metrics SLOs, Log Observer Connect & ...

Improve Data Pipelines Using Splunk Data Management

3-2-1 Go! How Fast Can You Debug Microservices with Observability Cloud?