Re: Splunk Add-on for Unix and Linux sshdChecker.s...

esalesapns2 · ‎11-27-2018

On standalone Search Head running Linux from AWS Splunk AMI 2018-09-28, Splunk Enterprise v7.2.0, Add-on v6.0.1, sshdChecker.sh is returning non-zero causing hundreds of console "Messages". If I run the script as user "splunk" from the apps/Splunk_TA_nix/ directory, it returns "bin/sshdChecker.sh: line 98: /bin/openssl: No such file or directory". I think this is because SPLUNK_HOME is not set because it sets the execute string to "$SPLUNK_HOME/bin/openssl". I can get it to work if I add "export SPLUNK_HOME=/opt/splunk" directly inside the script. Is this a bug, or did I miss a configuration setting somewhere? Also, how does one generally pass environment variables to scripted inputs?

esalesapns2 · ‎12-12-2018

I turns out that this happens if I do what they had me do dozens of times in Splunk training: run ".../bin/splunk restart" as user "splunk" from the command line. If you do this the Splunk environment variables don't get set and exported. Run "service splunk restart" instead, and the environment that things depend upon will be in place.

Splunk Add-on for Unix and Linux sshdChecker.sh script error.

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Deep Dive: Accelerate threat investigation with Splunk’s AI Assistant in Security

Announcing Modern Navigation: A New Era of Splunk User Experience

Detection Engineering Office Hours: Real-World Troubleshooting & Q&A

Join the Conversation