I added 8 DNS names to my whitelist through the "Edit Clients" for my Server Class on my deployment server.
I saved and reloaded, then went back in to edit it.
I removed all but one entry, hit save and reload and got the following error:
In handler 'serverclasses': Gap in numbered regexes: expected attribute=whitelist.8 not found.
I believe this is a bug within the Edit Clients UI.
It sounds like a bug.
For a work-around, go to the serverclass.conf file. You will probably see entries like this somewhere in the file:
whitelist.0= yourhostname1
whitelist.1= yourhostname2
whitelist.3= yourhostname8
Or perhaps the first whitelist.x is not whitelist.0!
In serverclass.conf the whitelists are numbered. The first one must be whitelist.0 and no numbers can be skipped in the list. If you see that these rules have been violated then
./splunk diag
before fixing the problem.
serverclass.conf: ./splunk reload deploy-server
Even if the workaround solves the problem, please report it to http://support.splunk.com
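An added example, not part of the original thread and not Splunk's own code: a small Python checker for the numbering rule described in the answer above. It reports missing whitelist.N / blacklist.N indices per stanza and renumbers them from 0; the stanza name and sample lines are constructed, and the "(none)" label for lines before any stanza is this example's own convention.

```python
import re
from collections import defaultdict

# Matches numbered filter lines such as "whitelist.3= yourhostname8".
NUMBERED = re.compile(r"^\s*(whitelist|blacklist)\.(\d+)\s*=\s*(.*\S)\s*$")
STANZA = re.compile(r"^\s*\[(.+)\]\s*$")

# Constructed sample reproducing the gap shown in the answer above.
SAMPLE = """\
[serverClass:example_class]
whitelist.0= yourhostname1
whitelist.1= yourhostname2
whitelist.3= yourhostname8
"""

def find_gaps(conf_text):
    """Return {(stanza, attr): [missing indices]} for every broken sequence."""
    seen = defaultdict(set)
    stanza = "(none)"
    for line in conf_text.splitlines():
        if m := STANZA.match(line):
            stanza = m.group(1)
        elif m := NUMBERED.match(line):
            seen[(stanza, m.group(1))].add(int(m.group(2)))
    gaps = {}
    for key, nums in seen.items():
        # Every index from 0 up to the highest one present must exist.
        missing = sorted(set(range(max(nums) + 1)) - nums)
        if missing:
            gaps[key] = missing
    return gaps

def renumber(conf_text):
    """Rewrite numbered entries as 0..n-1 per stanza, keeping file order."""
    counters = defaultdict(int)
    stanza, out = "(none)", []
    for line in conf_text.splitlines():
        if m := STANZA.match(line):
            stanza = m.group(1)
        elif m := NUMBERED.match(line):
            attr, value = m.group(1), m.group(3)
            line = f"{attr}.{counters[(stanza, attr)]} = {value}"
            counters[(stanza, attr)] += 1
        out.append(line)
    return "\n".join(out) + "\n"

if __name__ == "__main__":
    print(find_gaps(SAMPLE))
    print(renumber(SAMPLE), end="")
```

Run it against a copy of serverclass.conf and compare the renumbered output with the original before replacing the file, since a changed whitelist changes which clients the server class matches.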
Same problem here, had to heavily edit a whitelist and got the same kind of whining (note! new whitelist was shorter than the old one!)
I worked around this by deleting a few hosts (one by one + save) from the whitelist until I had a number of hosts = the # hosts I was adding, then it allowed me to modify the whole list.
definitely sounds like a bug
I had a whitelist that was numbered starting from 1 rather than 0. I never saw any messages about it in Splunk 5.1.3, but after I upgraded to 6.1.5 I did. However, though it told me the correct server class, it incorrectly identified the problem as missing whitelist.9 rather than whitelist.0 #headscratcher (until I read this post).
I filed a bug report: link text