Solved: How to resolve inputs.conf error "Invalid key in s...

dhavamanis · ‎04-24-2015

Can you please tell us how to resolve this error on our Windows universal forwarder,

Invalid key in stanza [monitor:C:\jmeter\Workspace\SplunkData\ST
AGE] in C:\Program Files\SplunkUniversalForwarder\etc\system\local\inputs.conf,
line 7: blacklist  (value:  \.(jtl)$)
                Invalid key in stanza [monitor:C:\jmeter\Workspace\SplunkData\ST
AGE] in C:\Program Files\SplunkUniversalForwarder\etc\system\local\inputs.conf,
line 8: crcSalt (value: <SOURCE>)
                Your indexes and inputs configurations are not internally consis
tent. For more information, run 'splunk btool check --debug'

inputs.conf:

[default]
host = USZMPAPWQ004

[monitor:C:\jmeter\Workspace\SplunkData\STAGE]
index=idx-sqe-perf
sourcetype=csv
crcSalt = <SOURCE>
blacklist = \.(jtl)$

martin_mueller · ‎04-24-2015

Consider using this stanza:

[monitor://C:\jmeter\Workspace\SplunkData\STAGE]

Added the double-slash of monitor://.

View solution in original post

martin_mueller · ‎04-24-2015

Consider using this stanza:

[monitor://C:\jmeter\Workspace\SplunkData\STAGE]

Added the double-slash of monitor://.

the_wolverine · ‎04-24-2015

crcSalt requires a value. You don't need to set crcSalt so just removing that line should resolve the issue.

dhavamanis · ‎04-24-2015

i have updated with exact config. its have value SOURCE. can you please check now.

the_wolverine · ‎04-24-2015

I think you are looking to set:

crcSalt = <SOURCE>

(case sensitive)

dhavamanis · ‎04-24-2015

yes, you are correct. I have updated the actual without any break now. Please check this.

How to resolve inputs.conf error "Invalid key in stanza" on our Windows universal forwarder?

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

They're back! Join the SplunkTrust and MVP at .conf24

Enterprise Security Content Update (ESCU) | New Releases