All Apps and Add-ons

Splunk Add-on for Unix and Linux sshdChecker.sh script error.

esalesapns2
Communicator

On standalone Search Head running Linux from AWS Splunk AMI 2018-09-28, Splunk Enterprise v7.2.0, Add-on v6.0.1, sshdChecker.sh is returning non-zero causing hundreds of console "Messages". If I run the script as user "splunk" from the apps/Splunk_TA_nix/ directory, it returns "bin/sshdChecker.sh: line 98: /bin/openssl: No such file or directory". I think this is because SPLUNK_HOME is not set because it sets the execute string to "$SPLUNK_HOME/bin/openssl". I can get it to work if I add "export SPLUNK_HOME=/opt/splunk" directly inside the script. Is this a bug, or did I miss a configuration setting somewhere? Also, how does one generally pass environment variables to scripted inputs?

esalesapns2
Communicator

I turns out that this happens if I do what they had me do dozens of times in Splunk training: run ".../bin/splunk restart" as user "splunk" from the command line. If you do this the Splunk environment variables don't get set and exported. Run "service splunk restart" instead, and the environment that things depend upon will be in place.

0 Karma
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Best Practices: Splunk auto adjust pipeline queue

When you enable autoAdjustQueue in Splunk, maxSize should be understood as the queue size Splunk starts with ...

Laser Bananas and Edge Hubs: Exploring Operational Technology (OT) Data Through a ...

  OT is a different environment to traditional IT and can have interesting challenges when interfacing the ...

Event Series: Mastering AI Tokenomics and Splunk Agent Observability

Beyond the Black Box: Correlating AI Performance and Tokenomics with Splunk Agent Observability   As ...