- Splunk Answers
- :
- Splunk Administration
- :
- Deployment Architecture
- :
- Re: Removing whitelist entries in serverclass.conf...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I added 8 dns names to my whitelist through the "Edit Clients" for my Server Class on my deployment server.
I saved and reloaded, then went back in to edit it.
I removed all but one entry, hit save and reload and got the following error:
In handler 'serverclasses': Gap in numbered regexes: expected attribute=whitelist.8 not found.
I believe this is a bug within the Edit Clients UI.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
It sounds like a bug.
For a work-around, go to the serverclass.conf file. You will probably see entries like this somewhere in the file:
whitelist.0= yourhostname1
whitelist.1= yourhostname2
whitelist.3= yourhostname8
Or perhaps the first whitelist.x is not whitelist.0!
In serverclass.conf the whitelists are numbered. The first one must be whitelist.0 and no numbers can be skipped in the list. If you see that these rules have been violated then
- Please document what happened for Splunk support! Perhaps you could even run a
./splunk diagbefore fixing the problem. - Edit the file and correct the problem.
- Use this command to reload
serverclass.conf:./splunk reload deploy-server - Go back into the UI and see if it works!
Even if the workaround solves the problem, please report it to http://support.splunk.com
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Same problem here, had to heavily edit a whitelist and got the same kind of whining (note! new whitelist was shorter than the old one!)
I worked around this by deleting a few hosts (one by one + save) from the whitelist until I had a number of hosts = the # hosts I was adding, then it allowed me to modify the whole list.
definitely sounds like a bug
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
It sounds like a bug.
For a work-around, go to the serverclass.conf file. You will probably see entries like this somewhere in the file:
whitelist.0= yourhostname1
whitelist.1= yourhostname2
whitelist.3= yourhostname8
Or perhaps the first whitelist.x is not whitelist.0!
In serverclass.conf the whitelists are numbered. The first one must be whitelist.0 and no numbers can be skipped in the list. If you see that these rules have been violated then
- Please document what happened for Splunk support! Perhaps you could even run a
./splunk diagbefore fixing the problem. - Edit the file and correct the problem.
- Use this command to reload
serverclass.conf:./splunk reload deploy-server - Go back into the UI and see if it works!
Even if the workaround solves the problem, please report it to http://support.splunk.com
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I had a whitelist that was number starting from 1 rather than 0. I never saw any messages about it in splunk 5.1.3, but after I upgraded to 6.1.5 I did. However though it told me the correct server class, it incorrectly identified the problem as missing whitelist.9 rather than whitelist.0 #headscratcher (until I read this post).
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I filed a bug report: link text
Adoption of RUM and APM at Splunk
Routing logs with Splunk OTel Collector for Kubernetes
Welcome to the Splunk Community!
