
A problem in Splunk UBA installation

Nrsch
Explorer

Hi, I am installing Splunk UBA 5.4.2 on my laptop in a virtual machine (RHEL 8.8) for testing. I followed the installation steps up to “Install Splunk UBA: Run the setup script /opt/caspida/bin/Caspida setup” as described here: Splunk UBA 5.4.2 Single Server Installation Guide.

The setup runs for a few minutes, but then I receive the following error: 

waiting on impala containerized service to come up
Running CaspidaCleanup, resetting rules
Cleaning up node uba.mysplunk
checking if zookeeper is reachable at: uba.mysplunk:2181
zookeeper reachable at: uba.mysplunk:2181
checking if postgres is reachable at: uba.mysplunk:5432
postgres server reachable at: uba.mysplunk:5432
checking if impala is reachable at: jdbc:impala://uba.mysplunk:21050/;auth=noSasl
/opt/caspida/bin/CaspidaFunctions: line 4277: 126717 Killed timeout -k ${TIMEOUT} -s 9 ${TIMEOUT} beeline --silent=true --fastConnect=true -u ${jdbcURL} -e "show databases;" >> ${CASPIDA_OUT} 2>&1
impala jdbc server at:jdbc:impala://uba.mysplunk:21050/;auth=noSasl not reachable, aborting
required services not up, aborting cleanup
CaspidaCleanup failed, exiting

 

Could someone help me understand why this error occurs?

0 Karma

PrewinThomas
Motivator

@Nrsch

I agree with @gcusello. Splunk UBA is highly dependent on both the OS version and the packages installed. When setting up UBA on a laptop, especially in a virtual machine, it is essential to verify that all system requirements (especially resource allocation) are satisfied before starting the installation process. Most installation packages provided with UBA include automated checks to ensure your system meets these requirements before proceeding.

You can refer to the links below:
system requirements - https://docs.splunk.com/Documentation/UBA/5.4.2/Install/Requirements
basic troubleshooting - https://help.splunk.com/en/security-offerings/splunk-user-behavior-analytics/install-and-upgrade/5.4...

Regards,
Prewin
If this answer helped you, please consider marking it as the solution or giving a Karma. Thanks!

gcusello
SplunkTrust

Hi @Nrsch ,

If you open a case with Splunk Support, they answer that UBA must be installed by Splunk PS to be certified.

In my experience, I suggest checking the version of the operating system and all the installed packages: I had a Red Hat 8.8 installation where some packages were at 8.9, and we received many installation errors.

Ciao.

Giuseppe
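One way to run the package check suggested above, as an added example that is not part of the original thread: it flags RPMs whose dist tag (for example `.el8_9`) names a newer RHEL minor release than the OS reports. The function names and the package list are constructed for illustration, and the check assumes Red Hat's `.elN_M` dist-tag convention for minor-release updates.

```shell
#!/bin/sh
# Flag installed RPMs built for a newer RHEL minor release than the host runs.
# Only the ".elN_M" dist-tag form is checked; packages tagged plain ".elN"
# (or with a module-style tag) carry no minor release in that form and are skipped.

# mixed_minor_pkgs OS_MAJOR OS_MINOR
# stdin: one "name-version-release.arch" string per line, as `rpm -qa` prints.
# stdout: the lines whose dist-tag minor is greater than OS_MINOR.
mixed_minor_pkgs() {
    awk -v maj="$1" -v osmin="$2" '
    {
        # Locate ".el<major>_<minor>" anywhere in the package string.
        if (match($0, "\\.el" maj "_[0-9]+")) {
            tag = substr($0, RSTART, RLENGTH)
            sub(/^.*_/, "", tag)          # keep only the minor number
            if (tag + 0 > osmin + 0) print $0
        }
    }'
}

# Constructed sample list (not taken from a real host): an 8.8 system
# where two packages were pulled in from the 8.9 update stream.
sample_rpm_list() {
    cat <<'EOF'
bash-4.4.20-4.el8_6.x86_64
glibc-2.28-225.el8_8.6.x86_64
kernel-4.18.0-513.5.1.el8_9.x86_64
openssl-1.1.1k-9.el8_7.x86_64
systemd-239-78.el8.x86_64
curl-7.61.1-33.el8_9.5.x86_64
EOF
}

# Demo on the constructed list, treating the host as RHEL 8.8.
# On a real host, replace the sample with:  rpm -qa | mixed_minor_pkgs 8 8
echo "Packages newer than RHEL 8.8:"
sample_rpm_list | mixed_minor_pkgs 8 8
```

An empty result means no package carries a dist tag from a later minor release; any output is a candidate for the mixed-version situation described in the reply above.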
