There are several issues to be fixed in the current app release of CIS Critical Security Controls.

guilmxm
Influencer

Hello,

There are several things to be corrected within the current version of the application:

  • metadata/local.meta

There should not be local.meta files when you publish the application on Splunkbase; any stanza would need to be migrated to default.meta and this file should be removed from the package.

Finally, the default.meta should be cleaned: removing references to Splunk versions, properly setting up parent metadata and removing child metadata if not useful.

  • metadata/local.meta Git conflict uncleaned

There is an unclean Git conflict in both files, with lines:

<<<<<<< HEAD

Which will generate a huge number of WARN messages in splunkd.

03-21-2018 10:16:44.658 +0000 WARN  IniFile - /opt/splunk/etc/apps/cis-controls-app-for-splunk/metadata/local.meta, line 148: Cannot parse into key-value pair: <<<<<<< HEAD
03-21-2018 10:16:44.658 +0000 WARN  IniFile - /opt/splunk/etc/apps/cis-controls-app-for-splunk/metadata/local.meta, line 360: Cannot parse into key-value pair: <<<<<<< HEAD
03-21-2018 10:17:05.418 +0000 WARN  ConfObjectManagerDB - /opt/splunk/etc/apps/cis-controls-app-for-splunk/metadata/local.meta, line 8: Error parsing setting:  = ======

And there are other errors, like the usage of deprecated features and syntax in XML files, wrong authorisations on CSV files, etc.

I would kindly suggest using AppInspect when building your package, so that you can automatically be informed of these issues and perform unit testing for code quality improvements.

http://dev.splunk.com/view/SP-CAAAFAK

Many thanks,

Regards,

Guilhem

0 Karma
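A pre-publish check for the two packaging problems described in the post above, written as an added example (it is not code from the thread, the app, or AppInspect, and does not replace AppInspect). The names `check_app` and `build_sample_app` are hypothetical, and the sample app tree is constructed; note that the `=======` separator is flagged too, since it is what produces the "Error parsing setting" warning in the quoted log.

```python
import os
import re
import tempfile

# Git writes these three marker lines around an unresolved merge conflict.
CONFLICT = re.compile(r"^(<{7} |={7}$|>{7} )")
CONF_EXTS = (".meta", ".conf")


def check_app(app_dir):
    """Return (relative_path, line_no, issue) findings for a Splunk app directory."""
    findings = []
    for root, _dirs, files in os.walk(app_dir):
        for name in sorted(files):
            path = os.path.join(root, name)
            rel = os.path.relpath(path, app_dir).replace(os.sep, "/")
            # A shipped local.meta is reported once, with line number 0.
            if rel == "metadata/local.meta":
                findings.append((rel, 0, "local.meta must not ship; merge into default.meta"))
            if not name.endswith(CONF_EXTS):
                continue
            with open(path, encoding="utf-8", errors="replace") as fh:
                for no, line in enumerate(fh, 1):
                    if CONFLICT.match(line.rstrip("\r\n")):
                        findings.append((rel, no, "unresolved Git conflict marker"))
    return sorted(findings)


def build_sample_app(base):
    """Constructed sample app tree reproducing the two problems from the post."""
    meta = os.path.join(base, "metadata")
    os.makedirs(meta)
    with open(os.path.join(meta, "default.meta"), "w") as fh:
        fh.write("[]\naccess = read : [ * ], write : [ admin ]\nexport = system\n")
    with open(os.path.join(meta, "local.meta"), "w") as fh:
        fh.write("[views/overview]\n<<<<<<< HEAD\nowner = admin\n=======\n"
                 "owner = nobody\n>>>>>>> feature\n")
    return base


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for rel, no, issue in check_app(build_sample_app(tmp)):
            print(f"{rel}:{no}: {issue}")
```

Run it against the unpacked app directory in the build pipeline and fail the build when the returned list is non-empty.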

aperez_splunk
Splunk Employee

Thanks for your kind words @guilmxm.

Please know that these issues (and others) are in the queue for correction in my repo when the next iteration is released.

Many thanks again.

0 Karma

aperez_splunk
Splunk Employee

Hi @guilmxm - app developer here.

Thanks for your note. Searching before posting would've turned this up as a known item.

Hopefully real-world usage of the app is useful for you despite these nuisance lines in splunkd.log.

Cheers.

0 Karma

guilmxm
Influencer

Hello!

And it's because it is a very good application, and an amazing work you've done, and because it is useful to many that I wanted to post in case you wouldn't be aware of that 😉

Cheers,

0 Karma