Solved: Why am I receiving the following error "WARNING: w...

sylim_splunk · ‎09-17-2018

After HEC configurations are pushed to our HF, Splunk service fails to start.

This is happening to all the HF that received the new HEC configurations.

sylim_splunk · ‎09-17-2018

There is a known issue in this regards - if there are any duplicate tokens for HEC in search/local/inputs.conf the splunkd/splunkweb will fail to start and puts log message on the screen.

WARNING: web interface does not seem to be available!

Run to find the duplicate token in inputs.conf

$ splunk btool --debug inputs list | grep "token =" | cut -d "=" -f 2 |sort |uniq -c | awk '{ if ($1 > 1) print $2}'

The fix has been included in 7.0.6+ and 7.1.3+.

View solution in original post

sylim_splunk · ‎09-17-2018

There is a known issue in this regards - if there are any duplicate tokens for HEC in search/local/inputs.conf the splunkd/splunkweb will fail to start and puts log message on the screen.

WARNING: web interface does not seem to be available!

Run to find the duplicate token in inputs.conf

$ splunk btool --debug inputs list | grep "token =" | cut -d "=" -f 2 |sort |uniq -c | awk '{ if ($1 > 1) print $2}'

The fix has been included in 7.0.6+ and 7.1.3+.

Why am I receiving the following error "WARNING: web interface does not seem to be available!" when pushing HTTP Event Collector(HEC) configurations to Heavy Forwarders (HF)?

Developer Spotlight with Paul Stout

Preparing your Splunk Environment for OpenSSL3

Deprecation of Splunk Observability Kubernetes “Classic Navigator” UI starting ...