All Apps and Add-ons

Why am I getting an error about No spec file on the deployment server when deploying Splunk_TA_nix?

BrandonKeep
Explorer

I downloaded the latest version of the Splunk addon for linux and when deploying, I see this error in the web UI "No spec file for: /opt/splunk/etc/master-apps/Splunk_TA_nix/default/eventgen.conf"

The app was deployed and exists on the indexers. Just curious why I am seeing this on a fresh install.

What can I do to resolve this?
Regards,
Brandon

0 Karma
1 Solution

xpac
SplunkTrust
SplunkTrust

As far as I see this - because the TA ships with a eventgen.conf (which it shouldn't), and to correctly interpret such a config, Splunk would need the eventgen.conf.spec from the eventgen TA. As you don't have that it installed, it complains because it can't verify that .conf file. You can safely ignore this (and better, remove that eventgen.conf from the app at all).

View solution in original post

xpac
SplunkTrust
SplunkTrust

As far as I see this - because the TA ships with a eventgen.conf (which it shouldn't), and to correctly interpret such a config, Splunk would need the eventgen.conf.spec from the eventgen TA. As you don't have that it installed, it complains because it can't verify that .conf file. You can safely ignore this (and better, remove that eventgen.conf from the app at all).

BrandonKeep
Explorer

Thanks for the clear answer.

0 Karma
Get Updates on the Splunk Community!

BSides Splunk 2022 - The Call for Papers is now Open!

TLDR; Main Site: https://bsidessplunk.com CFP Site: https://bsidessplunk.com/cfp CFP Opens: December 15th, ...

Sending Metrics to Splunk Enterprise With the OpenTelemetry Collector

This blog post is part of an ongoing series on OpenTelemetry. The OpenTelemetry project is the second largest ...

What's New in Splunk Cloud Platform 9.0.2208?!

Howdy!  We are happy to share the newest updates in Splunk Cloud Platform 9.0.2208! Analysts can benefit ...