Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Why is the "connection_host" option in a UDP stanza of inputs.conf being reported as a typo?

hexx
Splunk Employee
Splunk Employee
‎03-31-2011 06:33 AM

After an upgrade to 4.2, when Splunk starts up the configuration file checker reports that the "connection_host" option in UDP stanzas of inputs.conf may be a typo :


Checking conf files for typos...
Possible typo in stanza [udp://514] in /opt/splunk/etc/apps/search/local/inputs.conf, line 2: connection_host = ip

This option is perfectly functional and this error is therefore not accurate.

Why is this being reported?

Tags (2)
Reply
1 Solution
Solved! Jump to solution
Solution

hexx
Splunk Employee
Splunk Employee
‎03-31-2011 06:38 AM

The typo for the "connection_host" configuration parameter in [udp://] stanzas of inputs.conf is indeed misreported and we currently have a bug opened to fix this problem (SPL-38051). This will be fixed in version 4.2.1

If you require an immediate work-around, simply add the following line to $SPLUNK_HOME/etc/system/README/inputs.conf.spec at line 432, under the options defined for [udp://] stanzas :

connection_host = [ip|dns|none]

This will prevent any further false positives on "connection_host".

If you want to know more about how keys in configuration files are checked in 4.2, take a look at this Splunk Answer.

View solution in original post

Reply
Solved! Jump to solution
Solution

hexx
Splunk Employee
Splunk Employee
‎03-31-2011 06:38 AM

The typo for the "connection_host" configuration parameter in [udp://] stanzas of inputs.conf is indeed misreported and we currently have a bug opened to fix this problem (SPL-38051). This will be fixed in version 4.2.1

If you require an immediate work-around, simply add the following line to $SPLUNK_HOME/etc/system/README/inputs.conf.spec at line 432, under the options defined for [udp://] stanzas :

connection_host = [ip|dns|none]

This will prevent any further false positives on "connection_host".

If you want to know more about how keys in configuration files are checked in 4.2, take a look at this Splunk Answer.

Reply
Get Updates on the Splunk Community!

Fun with Regular Expression - multiples of nine

Fun with Regular Expression - multiples of nineThis challenge was first posted on Slack #regex channel ...

[Live Demo] Watch SOC transformation in action with the reimagined Splunk Enterprise ...

Overwhelmed SOC? Splunk ES Has Your Back Tool sprawl, alert fatigue, and endless context switching are making ...

What’s New & Next in Splunk SOAR

Security teams today are dealing with more alerts, more tools, and more pressure than ever.  Join us on ...