All Apps and Add-ons

Why am I getting error "locale::facet::_S_create_c_locale name not valid" deploying the Splunk App for Stream on RHEL universal forwarders?

Path Finder

Hi, I have some troubles deploying Splunk_TA_stream on universal forwarders.
Indexer using the same TA works fine, and I was able to get stream data.
Once I put the TA in the deployment server, and client correctly download and install it, just after the splunkforwarder deamon restart I found this in the logs:

06-12-2015 15:34:34.623 +0200 ERROR ExecProcessor - message from "/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwd" terminate called after throwing an instance of 'std::runtime_error'
06-12-2015 15:34:34.623 +0200 ERROR ExecProcessor - message from "/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwd"   what():  locale::facet::_S_create_c_locale name not valid

Splunk run as a root, I tried chown'ing files and binaries to splunk:splunk, but the issue persist.

Operating system is RHEL 6.6 x86_64, SELinux disabled.

I had the same issue on the indexer on my first installation, and I solved it just deploying the app using the web interface uploader, and upgrading RHEL (yum update -y), but I don't know if this is related.

Any hints?


0 Karma

Splunk Employee
Splunk Employee

Are you using a non-English version of RHEL? The exact cause is difficult to determine, but my suspicion is that certain RHEL distros failed to include a properly configured (standard) "C" locale and this problem was fixed in a later release.

Path Finder

English version, I used localedef to force C and UTF8 before trying the upgrade.
I still don't know what was the issue and this make me a little uncomfortable...
RHEL7 works at the first try.
strace wasn't helpful to find the root cause and ldd show me that shared libraries was linked correctly, so I think this is just a bug.

0 Karma

Path Finder

Upgrading RHEL and rebooting solve the issue, but I'd like to understand the error.

0 Karma
Get Updates on the Splunk Community!

There's No Place Like Chrome and the Splunk Platform

Watch On DemandMalware. Risky Extensions. Data Exfiltration. End-users are increasingly reliant on browsers to ...

The Great Resilience Quest: 5th Leaderboard Update

The fifth leaderboard update for The Great Resilience Quest is out >> 🏆 Check out the ...

Devesh Logendran, Splunk, and the Singapore Cyber Conquest

At this year’s Splunk University, I had the privilege of chatting with Devesh Logendran, one of the winners in ...