
Splunk App for Unix and Linux Bad Regex


I've installed the v8.2.0 Splunk App for Unix and Linux on my search head per the instructions in the documentation. However, restarting Splunk throws an error of:


Bad regex value: '(?::){0}*', of param: props.conf / [(?::){0}*]; why: this regex is likely to apply to all data and may break summary indexing, among other Splunk features.


This appears to be coming from the {%appdir%}\default\props.conf file:


## Dropdowns
LOOKUP-dropdowns = dropdownsLookup host OUTPUT unix_category unix_group


As a result, the Metrics page in the app is non-functional.

Is anyone else having this issue? What did you do to resolve it?



I'm seeing the same thing after upgrading our Splunk. Have you managed to figure out what's up with the message?


0 Karma


Nope, still an open issue. No one from support will address it either. Guessing I'll have to talk to an account manager to get any traction on the problem.

0 Karma