- Apps and Add-ons
- :
- All Apps and Add-ons
- :
- "invalid key in stanza" error after restarting the...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi All,
We have installed the Splunk_TA_nix (Splunk Add-on for Unix and Linux - https://splunkbase.splunk.com/app/833/) in the Search Head (/opt/splunk/etc/deployment-apps folder), added a /local folder with inputs.conf enabling all the scripts supported for AIX (based on what is indicated here https://docs.splunk.com/Documentation/AddOns/released/UnixLinux/Releasenotes) but after have deployed the app in the forwarders that are running on AIX we are getting those errors in eventgen.conf:
Checking mgmt port [8089]: open
Checking conf files for problems...
Invalid key in stanza [sample.dhcpd] in /home/myuser/opt/splunkforwarder/etc/apps/Splunk_TA_nix/default/eventgen.conf, line 4: interval (value: 10).
Invalid key in stanza [sample.dhcpd] in /home/myuser/opt/splunkforwarder/etc/apps/Splunk_TA_nix/default/eventgen.conf, line 5: earliest (value: -10m).
Invalid key in stanza [sample.dhcpd] in /home/myuser/opt/splunkforwarder/etc/apps/Splunk_TA_nix/default/eventgen.conf, line 6: latest (value: now).
Invalid key in stanza [sample.dhcpd] in /home/myuser/opt/splunkforwarder/etc/apps/Splunk_TA_nix/default/eventgen.conf, line 7: source (value: sample.dhcpd).
Invalid key in stanza [sample.dhcpd] in /home/myuser/opt/splunkforwarder/etc/apps/Splunk_TA_nix/default/eventgen.conf, line 8: sourcetype (value: dhcpd).
and lot more with same error.
Do you know how can we solve it?
Thanks a lot,
Edoardo
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
You should always do 2 things for any app that you download from the internet and move to production:
1: remove the samples directory
2: remove eventget.conf
This is unnecessary and sometimes dangerous fluff as far as production goes.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
You should always do 2 things for any app that you download from the internet and move to production:
1: remove the samples directory
2: remove eventget.conf
This is unnecessary and sometimes dangerous fluff as far as production goes.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Really thanks for your feedback. Currently I am testing it in our development environment, I will take care to remove them.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Be sure to click Accept to close the question on the best answer and UpVote any other helpful comment.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
If you aren't going to use it, you can remove eventgen.conf from the app (or rename it to something like eventgen.bak). The TA has no spec file for the eventgen.conf file and that may be what is causing this error. This error will not affect the function of the
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi ragedsparrow, thanks for your feedback, I will remove eventgen.conf file as well as any sample directory as mentioned by woodcock
Splunk Custom Visualizations App End of Life
Introducing Splunk Enterprise 9.2
Adoption of RUM and APM at Splunk
