All Apps and Add-ons

Invalid key in stanza error for TA EdgeRouter X

Jon_Irish
Explorer

I just installed TA EdgeRouter X in hopes of getting the syslog data from my Ubiquity UniFi USG into CIM compliance. It installed fine, but when I start Splunk, I see this error:

Invalid key in stanza [syslog] in /Applications/Splunk/etc/apps/TA-EdgeRouter_X/default/props.conf, line 20: EVAl-direction (value: case(dest_zone="WAN" AND dest_interface="eth0", "outbound", src_zone="WAN" AND src_interface="eth0", "inbound", src_zone="LOCAL" AND (dest_interface="eth1.172" OR dest_interface="eth1.192" OR dest_interface="eth1.10" ), "local", dest_interface != "eth0", "local" )).

Anyone have an idea of might might be wrong?

TIA,
Jon

0 Karma
1 Solution

jkat54
SplunkTrust
SplunkTrust

This says evai not eval:

EVAl-direction

It's on line 20 in /Applications/Splunk/etc/apps/TA-EdgeRouter_X/default/props.conf

Change it to

EVAL-direction

And restart Splunk.

View solution in original post

jkat54
SplunkTrust
SplunkTrust

This says evai not eval:

EVAl-direction

It's on line 20 in /Applications/Splunk/etc/apps/TA-EdgeRouter_X/default/props.conf

Change it to

EVAL-direction

And restart Splunk.

jkat54
SplunkTrust
SplunkTrust

@jespencer

0 Karma

Jon_Irish
Explorer

That did it, thanks a lot!

0 Karma

jespencer
Engager

fixed the typo. thanks.

0 Karma
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In January, the Splunk Threat Research Team had one release of new security content via the Splunk ES Content ...

Expert Tips from Splunk Professional Services, Ensuring Compliance, and More New ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Observability Release Update: AI Assistant, AppD + Observability Cloud Integrations & ...

This month’s releases across the Splunk Observability portfolio deliver earlier detection and faster ...