Join the Conversation
- Find Answers
- :
- Splunk Administration
- :
- Getting Data In
- :
- Splunk 10: Journald input not working with debian ...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Splunk 10: Journald input not working with debian 13 (trixie)
After upgrading to Debian 13 Journald input is not working anymore with Splunk 10.x.
This error I found in the internal logs:
ERROR ExecProcessor [3095663 ExecProcessor] - message from "/opt/splunk/bin/splunkd journald-modinput '$@'" journalctl: /opt/splunk/lib/libcrypto.so.3: version `OPENSSL_3.4.0' not found (required by /usr/lib/x86_64-linux-gnu/systemd/libsystemd-shared-257.so)
(With Debian 12 Journald input is working. And with Splunk 9.4.x Journald input is working with Debian 13)
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Getting the same issue with AlmaLinux 9.7...
Tried this:
sudo mv /opt/splunk/lib/libcrypto.so.3 /opt/splunk/lib/libcrypto.so.3.bak
sudo ln -s /usr/lib64/libcrypto.so.3 /opt/splunk/lib/libcrypto.so.3but then I get this instead:
Traceback (most recent call last):
File "/opt/splunk/lib/python3.9/site-packages/splunk/clilib/cli.py", line 25, in <module>
import splunk.clilib.control_api as ca
File "/opt/splunk/lib/python3.9/site-packages/splunk/clilib/control_api.py", line 5, in <module>
import splunk.clilib._internal as _internal
File "/opt/splunk/lib/python3.9/site-packages/splunk/clilib/_internal.py", line 7, in <module>
from splunk.clilib import manage_search
File "/opt/splunk/lib/python3.9/site-packages/splunk/clilib/manage_search.py", line 16, in <module>
from splunk.clilib import bundle_paths
File "/opt/splunk/lib/python3.9/site-packages/splunk/clilib/bundle_paths.py", line 24, in <module>
import ssl
File "/opt/splunk/lib/python3.9/ssl.py", line 99, in <module>
import _ssl # if we can't import it, let the error propagate
ImportError: /opt/splunk/lib/python3.9/lib-dynload/_ssl.cpython-39-x86_64-linux-gnu.openssl3.so: undefined symbol: RAND_egd, version OPENSSL_3.0.0- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
As @livehybrid said, Debian 13 isn’t listed as a supported OS for Splunk Enterprise 10.0, so this incompatibility with newer OpenSSL versions could be the cause of the issue.
It’s recommended to raise a support request at https://splunk.com/support so Splunk can address it in a future minor release.
If this helps, some karma would be appreciated!
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @Beerman
Debian 13 isnt listed as a supported OS for Splunk Enterprise at https://help.splunk.com/en/splunk-enterprise/get-started/install-and-upgrade/10.0/plan-your-splunk-e... so it could be that there is some incompatibility here with newer versions of OpenSSL.
Despite it not being referenced as a supported OS it might be worth raising a support request/case at https://splunk.com/support so that it could potentially be addressed for a future minor release.
🌟 Did this answer help you? If so, please consider:
- Adding karma to show it was useful
- Marking it as the solution if it resolved your issue
- Commenting if you need any clarification
Your feedback encourages the volunteers in this community to continue contributing.
Upcoming Webinar: Unmasking Insider Threats with Slunk Enterprise Security’s UEBA
.conf25 technical session recap of Observability for Gen AI: Monitoring LLM ...
A Season of Skills: New Splunk Courses to Light Up Your Learning Journey
