Hi All,
We have installed the Splunk_TA_nix (Splunk Add-on for Unix and Linux - https://splunkbase.splunk.com/app/833/) in the Search Head (/opt/splunk/etc/deployment-apps folder), added a /local folder with inputs.conf enabling all the scripts supported for AIX (based on what is indicated here https://docs.splunk.com/Documentation/AddOns/released/UnixLinux/Releasenotes) but after have deployed the app in the forwarders that are running on AIX we are getting those errors in eventgen.conf:
Checking mgmt port [8089]: open
Checking conf files for problems...
Invalid key in stanza [sample.dhcpd] in /home/myuser/opt/splunkforwarder/etc/apps/Splunk_TA_nix/default/eventgen.conf, line 4: interval (value: 10).
Invalid key in stanza [sample.dhcpd] in /home/myuser/opt/splunkforwarder/etc/apps/Splunk_TA_nix/default/eventgen.conf, line 5: earliest (value: -10m).
Invalid key in stanza [sample.dhcpd] in /home/myuser/opt/splunkforwarder/etc/apps/Splunk_TA_nix/default/eventgen.conf, line 6: latest (value: now).
Invalid key in stanza [sample.dhcpd] in /home/myuser/opt/splunkforwarder/etc/apps/Splunk_TA_nix/default/eventgen.conf, line 7: source (value: sample.dhcpd).
Invalid key in stanza [sample.dhcpd] in /home/myuser/opt/splunkforwarder/etc/apps/Splunk_TA_nix/default/eventgen.conf, line 8: sourcetype (value: dhcpd).
and lot more with same error.
Do you know how can we solve it?
Thanks a lot,
Edoardo
You should always do 2 things for any app that you download from the internet and move to production:
1: remove the samples
directory
2: remove eventget.conf
This is unnecessary and sometimes dangerous fluff as far as production goes.
You should always do 2 things for any app that you download from the internet and move to production:
1: remove the samples
directory
2: remove eventget.conf
This is unnecessary and sometimes dangerous fluff as far as production goes.
Really thanks for your feedback. Currently I am testing it in our development environment, I will take care to remove them.
Be sure to click Accept
to close the question on the best answer and UpVote
any other helpful comment.
If you aren't going to use it, you can remove eventgen.conf from the app (or rename it to something like eventgen.bak). The TA has no spec file for the eventgen.conf file and that may be what is causing this error. This error will not affect the function of the
Hi ragedsparrow, thanks for your feedback, I will remove eventgen.conf file as well as any sample directory as mentioned by woodcock