a problem in Splunk UBA Installation

Nrsch
Explorer

Hi, I am installing Splunk UBA 5.4.2 on my laptop in a virtual machine (RHEL 8.8) for testing. I followed the installation steps up to “Install Splunk UBA: Run the setup script /opt/caspida/bin/Caspida setup” as described here: Splunk UBA 5.4.2 Single Server Installation Guide.

The setup runs for a few minutes, but then I receive the following error: 

waiting on impala containerized service to come up
Running CaspidaCleanup, resetting rules
Cleaning up node uba.mysplunk
checking if zookeeper is reachable at: uba.mysplunk:2181
zookeeper reachable at: uba.mysplunk:2181
checking if postgres is reachable at: uba.mysplunk:5432
postgres server reachable at: uba.mysplunk:5432
checking if impala is reachable at: jdbc:impala://uba.mysplunk:21050/;auth=noSasl
/opt/caspida/bin/CaspidaFunctions: line 4277: 126717 Killed timeout -k ${TIMEOUT} -s 9 ${TIMEOUT} beeline --silent=true --fastConnect=true -u ${jdbcURL} -e "show databases;" >> ${CASPIDA_OUT} 2>&1
impala jdbc server at:jdbc:impala://uba.mysplunk:21050/;auth=noSasl not reachable, aborting
required services not up, aborting cleanup
CaspidaCleanup failed, exiting

 

Could someone help me understand why this error occurs?

0 Karma

PrewinThomas
Motivator

@Nrsch 

I agree with @gcusello, Splunk UBA is highly dependent on both the OS version and the packages installed. When setting up UBA on a laptop, especially in a virtual machine, it is essential to verify that all system requirements (especially resource allocation) are satisfied before starting the installation process. Most installation packages provided with UBA include automated checks to ensure your system meets these requirements before proceeding.

You can refer to the links below:
system requirements - https://docs.splunk.com/Documentation/UBA/5.4.2/Install/Requirements
basic troubleshooting - https://help.splunk.com/en/security-offerings/splunk-user-behavior-analytics/install-and-upgrade/5.4...

Regards,
Prewin
If this answer helped you, please consider marking it as the solution or giving a Karma. Thanks!

0 Karma

gcusello
SplunkTrust

Hi @Nrsch ,

If you open a case with Splunk Support, they will answer that UBA must be installed by Splunk PS to be certified.

In my experience, I suggest checking the version of the operating system and checking all the installed packages: I had a Red Hat 8.8 installation where some packages were at 8.9 and we received many installation errors.

Ciao.

Giuseppe

0 Karma