So after a system crash, I reboot and now I'm getting the warning:
Installed Files Integrity Checker: File Integrity checks found 1 files that did not match the system-provided manifest.
checking the link I learn that /opt/splunk/etc/system/default/web.conf is not passing the integrity check.
I can also confirm this by running ./splunk validate files
Great, now what?
Every thread I found talking about this just says how to find the file, but none say how to actually FIX this.
How do I restore a default file that is failing integrity check?
Download the Splunk tarball for your version.
Use tar to extract the needed file.
tar -zxf <downloaded file name> splunk/etc/system/default/web.conf -C ~
Rename the existing web.conf file.
mv /opt/splunk/etc/system/default/web.conf ~/web_conf.bad
Move the extracted file into position.
mv ~/web.conf /opt/splunk/etc/system/default
Restart Splunk and the error should go away.
View solution in original post
Yes ! Thank you this is exactly what I wanted, nicely formatted and all. You rock!
for anyone reading this, here is the link for previous releases:
You can restore the default file from a clean installation of Splunk, if the error message is caused by you making changes to any files in the default Splunk directories and you don't have a backup of the original file.