Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Why is the "connection_host" option in a UDP stanza of inputs.conf being reported as a typo?

hexx
Splunk Employee
Splunk Employee
‎03-31-2011 06:33 AM

After an upgrade to 4.2, when Splunk starts up the configuration file checker reports that the "connection_host" option in UDP stanzas of inputs.conf may be a typo :


Checking conf files for typos...
Possible typo in stanza [udp://514] in /opt/splunk/etc/apps/search/local/inputs.conf, line 2: connection_host = ip

This option is perfectly functional and this error is therefore not accurate.

Why is this being reported?

Tags (2)
Reply
1 Solution
Solved! Jump to solution
Solution

hexx
Splunk Employee
Splunk Employee
‎03-31-2011 06:38 AM

The typo for the "connection_host" configuration parameter in [udp://] stanzas of inputs.conf is indeed misreported and we currently have a bug opened to fix this problem (SPL-38051). This will be fixed in version 4.2.1

If you require an immediate work-around, simply add the following line to $SPLUNK_HOME/etc/system/README/inputs.conf.spec at line 432, under the options defined for [udp://] stanzas :

connection_host = [ip|dns|none]

This will prevent any further false positives on "connection_host".

If you want to know more about how keys in configuration files are checked in 4.2, take a look at this Splunk Answer.

View solution in original post

Reply
Solved! Jump to solution
Solution

hexx
Splunk Employee
Splunk Employee
‎03-31-2011 06:38 AM

The typo for the "connection_host" configuration parameter in [udp://] stanzas of inputs.conf is indeed misreported and we currently have a bug opened to fix this problem (SPL-38051). This will be fixed in version 4.2.1

If you require an immediate work-around, simply add the following line to $SPLUNK_HOME/etc/system/README/inputs.conf.spec at line 432, under the options defined for [udp://] stanzas :

connection_host = [ip|dns|none]

This will prevent any further false positives on "connection_host".

If you want to know more about how keys in configuration files are checked in 4.2, take a look at this Splunk Answer.

Reply
Get Updates on the Splunk Community!

.conf25 Registration is OPEN!

Ready. Set. Splunk! Your favorite Splunk user event is back and better than ever. Get ready for more technical ...

Detecting Cross-Channel Fraud with Splunk

This article is the final installment in our three-part series exploring fraud detection techniques using ...

Splunk at Cisco Live 2025: Learning, Innovation, and a Little Bit of Mr. Brightside

Pack your bags (and maybe your dancing shoes)—Cisco Live is heading to San Diego, June 8–12, 2025, and Splunk ...
Top