
a problem in Splunk UBA Installation

Nrsch
Explorer

Hi, I am installing Splunk UBA 5.4.2 on my laptop in a virtual machine (RHEL 8.8) for testing. I followed the installation steps up to “Install Splunk UBA: Run the setup script /opt/caspida/bin/Caspida setup” as described here: Splunk UBA 5.4.2 Single Server Installation Guide.

The setup runs for a few minutes, but then I receive the following error: 

waiting on impala containerized service to come up
Running CaspidaCleanup, resetting rules
Cleaning up node uba.mysplunk
checking if zookeeper is reachable at: uba.mysplunk:2181
zookeeper reachable at: uba.mysplunk:2181
checking if postgres is reachable at: uba.mysplunk:5432
postgres server reachable at: uba.mysplunk:5432
checking if impala is reachable at: jdbc:impala://uba.mysplunk:21050/;auth=noSasl
/opt/caspida/bin/CaspidaFunctions: line 4277: 126717 Killed timeout -k ${TIMEOUT} -s 9 ${TIMEOUT} beeline --silent=true --fastConnect=true -u ${jdbcURL} -e "show databases;" >> ${CASPIDA_OUT} 2>&1
impala jdbc server at:jdbc:impala://uba.mysplunk:21050/;auth=noSasl not reachable, aborting
required services not up, aborting cleanup
CaspidaCleanup failed, exiting

 

Could someone help me understand why this error occurs?


PrewinThomas
Motivator

@Nrsch 

I agree with @gcusello, Splunk UBA is highly dependent on both the OS version and the packages installed. When setting up UBA on a laptop, especially in a virtual machine, it is essential to verify that all system requirements (especially resource allocation) are satisfied before starting the installation process. Most installation packages provided with UBA include automated checks to ensure your system meets these requirements before proceeding.

You can refer to the links below:
system requirements - https://docs.splunk.com/Documentation/UBA/5.4.2/Install/Requirements
basic troubleshooting - https://help.splunk.com/en/security-offerings/splunk-user-behavior-analytics/install-and-upgrade/5.4...

Regards,
Prewin
If this answer helped you, please consider marking it as the solution or giving a Karma. Thanks!

gcusello
SplunkTrust

Hi @Nrsch ,

If you open a case with Splunk Support, they will answer that UBA must be installed by Splunk PS to be certified.

In my experience, I suggest checking the version of the operating system and all the installed packages: I had a Red Hat 8.8 installation where some packages were at 8.9, and we received many installation errors.

Ciao.

Giuseppe
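
The mixed-version condition described in the reply above (8.9 packages on an 8.8 host) can be checked before running the setup script. The following is an added example, not part of the thread or of Splunk's tooling; it assumes RHEL z-stream dist tags of the form `el8_9` in the RPM release field, and `find_drift` and `sample_packages` are hypothetical helper names with constructed sample data.

```shell
#!/bin/sh
# Added example: flag RPMs built for a newer RHEL minor release than the host.
# Heuristic: z-stream updates carry a dist tag such as "el8_9" in %{RELEASE}.
# A plain "el8" tag, or a tag with a lower minor (el8_6 on an 8.8 host), is
# normal and is not reported.

# find_drift HOST_MINOR
# Reads "name release" lines on stdin and prints every package whose dist
# tag names a minor release greater than HOST_MINOR.
find_drift() {
    awk -v want="$1" '
        match($2, /el[0-9]+_[0-9]+/) {
            tag = substr($2, RSTART, RLENGTH)   # e.g. "el8_9"
            split(tag, parts, "_")              # parts[2] is the minor number
            if (parts[2] + 0 > want + 0) print $1, $2
        }'
}

# Constructed sample input in the format produced by:
#   rpm -qa --qf '%{NAME} %{RELEASE}\n'
sample_packages() {
    cat <<'EOF'
glibc 2.28-225.el8_8.6
openssl-libs 1.1.1k-9.el8_7
bash 4.4.20-4.el8_6
krb5-libs 1.18.2-26.el8_9
java-1.8.0-openjdk 1.8.0.392.b08-4.el8
systemd 239-78.el8_9.1
EOF
}

# Demo against the sample for a host reporting RHEL 8.8 (minor = 8).
sample_packages | find_drift 8

# Live use on the UBA host (minor taken from /etc/redhat-release):
#   rpm -qa --qf '%{NAME} %{RELEASE}\n' | find_drift 8
```

Any package this reports was pulled from a newer minor-release repository than the one the host claims to run, which is the mismatch to resolve before retrying the installation.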
