I just installed some new apps (updated some as well) on my Splunk indexer cluster and attempted to push the bundle. When the bundle tries to push, I get the following errors:
In handler 'clustermastercontrol': The Master could not push the latest configuration bundle because it contains an invalid configuration. Fix any errors and push the bundle again. Alternatively, you can skip the validation process like this: "splunk apply cluster-bundle --skip-validation". Use this option carefully, as it can cause the master to push an invalid configuration to the peers. The following errors were encountered: No spec file for: C:\ProgramFiles\Splunk\etc\master-apps\Splunk_TA_cisco-ise\default\eventgen.conf ; Invalid key in stanza [EPS_Quarantine_By_Framed_IP_Address] inC:\Program Files\Splunk\etc\master-apps\Splunk_TA_cisco-ise\default\workflow_actions.conf, line 10: ise.host (value: Please update ISE host information before enabling) ; Invalid key in stanza [EPS_Quarantine_By_Framed_IP_Address] in C:\Program Files\Splunk\etc\master-apps\Splunk_TA_cisco-ise\default\workflow_actions.conf, line 11: ise.version (value: 1.2) ; …
I can’t push my bundle out as a result of this issue, what is causing this problem?
The error message is indicating that the cluster master is attempting to push .conf files for which is does not contain a valid SPEC file. For example the eventgen.conf does not exist as part of the default splunk install. Therefore if an app wants to leverage this file , it would need a corresponding SPEC file in order to utilize this eventgen.conf. Because this file is missing the bundle will flag the config as invalid and refuse to push it until it's resolved
You can fix this issue in one of a few ways
If you find that an app is giving you these errors AND the spec file for that app is not included, you may want to alert the app developer of this problem.
Please, have you more information about the condition required for these cluster bundle deployment message to appear ?
There is a user of the Nmon app mentioning the same message because of missing spec files:
Therefore, in my customers places running the app in indexer clustering or in my own env testing i have never met this message.
Is this verification step specific to certain configuration ? version ? OS ?
Thank you !