
Removing whitelist entries in serverclass.conf does not remove them

aelliott
Motivator

I added 8 DNS names to my whitelist through the "Edit Clients" for my Server Class on my deployment server.
I saved and reloaded, then went back in to edit it.
I removed all but one entry, hit save and reload and got the following error:
In handler 'serverclasses': Gap in numbered regexes: expected attribute=whitelist.8 not found.

I believe this is a bug within the Edit Clients UI.

1 Solution

lguinn2
Legend

It sounds like a bug.

For a work-around, go to the serverclass.conf file. You will probably see entries like this somewhere in the file:

whitelist.0= yourhostname1
whitelist.1= yourhostname2
whitelist.3= yourhostname8

Or perhaps the first whitelist.x is not whitelist.0!

In serverclass.conf the whitelists are numbered. The first one must be whitelist.0 and no numbers can be skipped in the list. If you see that these rules have been violated, then:

  1. Please document what happened for Splunk support! Perhaps you could even run a ./splunk diag before fixing the problem.
  2. Edit the file and correct the problem.
  3. Use this command to reload serverclass.conf: ./splunk reload deploy-server
  4. Go back into the UI and see if it works!

Even if the workaround solves the problem, please report it to http://support.splunk.com

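A check for the numbering rule described in the answer above, as an added example that is not part of the original post or Splunk's own tooling: it scans serverclass.conf text for numbered lists that do not run 0, 1, 2, ... without gaps, and can renumber them in file order. The stanza name and sample contents are constructed, and treating blacklist.N under the same rule is an assumption.

```python
import re
from collections import defaultdict

STANZA = re.compile(r"^\s*\[(.+?)\]\s*$")
ENTRY = re.compile(r"^\s*(whitelist|blacklist)\.(\d+)\s*=\s*(.*?)\s*$")

# Constructed sample: the broken state from the answer (whitelist.2 is missing).
# The stanza name is hypothetical.
SAMPLE = """\
[serverClass:example_class]
whitelist.0= yourhostname1
whitelist.1= yourhostname2
whitelist.3= yourhostname8
"""

def find_gaps(conf_text):
    """Return (stanza, list_name, first_missing_index) for each broken list."""
    seen = defaultdict(set)          # (stanza, list_name) -> indices present
    stanza = "default"               # keys that appear before any [stanza] header
    for line in conf_text.splitlines():
        if m := STANZA.match(line):
            stanza = m.group(1)
        elif m := ENTRY.match(line):
            seen[(stanza, m.group(1))].add(int(m.group(2)))
    problems = []
    for (stanza, name), idx in seen.items():
        missing = next(i for i in range(len(idx) + 1) if i not in idx)
        if missing < len(idx):       # hole below the highest entry, or no .0
            problems.append((stanza, name, missing))
    return problems

def renumber(conf_text):
    """Rewrite each numbered list so its entries run 0, 1, 2, ... in file order."""
    counters = defaultdict(int)
    stanza, out = "default", []
    for line in conf_text.splitlines():
        if m := STANZA.match(line):
            stanza = m.group(1)
        elif m := ENTRY.match(line):
            key = (stanza, m.group(1))
            line = f"{m.group(1)}.{counters[key]} = {m.group(3)}"
            counters[key] += 1
        out.append(line)             # comments and other keys pass through unchanged
    return "\n".join(out) + "\n"

if __name__ == "__main__":
    print(find_gaps(SAMPLE))
    print(renumber(SAMPLE), end="")
```

Run it against a copy of the file and review the result before replacing the original, then reload with ./splunk reload deploy-server as in step 3.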

laurarokkanen
Engager

Same problem here, had to heavily edit a whitelist and got the same kind of whining (note! new whitelist was shorter than the old one!)

I worked around this by deleting a few hosts (one by one + save) from the whitelist until I had a number of hosts = the # hosts I was adding, then it allowed me to modify the whole list.

Definitely sounds like a bug.

wrangler2x
Motivator

I had a whitelist that was numbered starting from 1 rather than 0. I never saw any messages about it in Splunk 5.1.3, but after I upgraded to 6.1.5 I did. However, though it told me the correct server class, it incorrectly identified the problem as missing whitelist.9 rather than whitelist.0 #headscratcher (until I read this post).


wrangler2x
Motivator

I filed a bug report: link text
