Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

default '/opt/splunk/etc/deployment-apps/Splunk_TA_windows/local/inputs.conf'?

mitag
Contributor
‎07-10-2020 01:03 PM

tl;dr: what are the initial, default contents of /opt/splunk/etc/deployment-apps/Splunk_TA_windows/local/inputs.conf as it ships with "Splunk_TA_windows" - if it exists and not empty?

Reason I ask: it does not exist in my instance on the Deployment Server (only apps.conf in that folder); I am trying to figure out what it should be and how to fix what seems to be a broken "Splunk Add-on for Microsoft Windows" ("Splunk_TA_windows") in an inherited Splunk instance. The TA doesn't seem to be gathering any data, and produces errors such:

ERROR ExecProcessor - message from ""C:\Program Files\SplunkUniversalForwarder\bin\splunk-winhostinfo.exe"" splunk-winhostinfo - Found a invalid type named 'application' in stanza WinHostMon://Application, this will not be processed.

(i.e. the TA can't find the executables or scripts it needs.)

I suspect this is due to someone merging the TA's own inputs.conf into a single master inputs.conf (/opt/splunk/etc/deployment-apps/_server_app_Windows_Clients/local/inputs.conf on the Deployment Server) and then deleting it - which seems to have broken things.

Thanks!

P.S. Apologies for the formatting - for some reason "Insert/Edit code sample" buttons don't work for me.

Labels (1)
Labels
Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

richgalloway
SplunkTrust
SplunkTrust
‎07-10-2020 05:31 PM
Most apps ship with an empty local directory, except for app.conf.
If your app is broken, re-install it.

The code button on this forum is non-intuitive. You must click the button with no text highlighted then enter your code into the pop-up box.
---
If this reply helps you, Karma would be appreciated.

View solution in original post

Reply
Solved! Jump to solution
Solution

richgalloway
SplunkTrust
SplunkTrust
‎07-10-2020 05:31 PM
Most apps ship with an empty local directory, except for app.conf.
If your app is broken, re-install it.

The code button on this forum is non-intuitive. You must click the button with no text highlighted then enter your code into the pop-up box.
---
If this reply helps you, Karma would be appreciated.
Reply
Solved! Jump to solution

mitag
Contributor
‎07-11-2020 06:14 PM

Thank you, this was the answer:

"Most apps ship with an empty local directory, except for app.conf."

It's also implied in "Download and configure the Splunk Add-on for Windows version 6.0.0 or later":

"Copy the inputs.conf file in the default subdirectory to the local directory.<"

P.S. The app may not be broken after all - just unconfigured. Likely the "_server_app_Windows_Clients" needs to be cleaned up - cleared of things that were originally part of the add-on. (Don't ask. That person has left the building.)

P.P.S. What's the accepted format for quotes? E.g. quoting documentation or snippets from others' posts?

0 Karma
Reply
Solved! Jump to solution

richgalloway
SplunkTrust
SplunkTrust
‎07-12-2020 10:10 AM 
P.P.S. What's the accepted format for quotes? E.g. quoting documentation or snippets from others' posts?

We don't have one, yet.

---
If this reply helps you, Karma would be appreciated.
Reply
Get Updates on the Splunk Community!

How to Monitor Google Kubernetes Engine (GKE)

We’ve looked at how to integrate Kubernetes environments with Splunk Observability Cloud, but what about ...

Index This | How can you make 45 using only 4?

October 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with this ...

Splunk Education Goes to Washington | Splunk GovSummit 2024

If you’re in the Washington, D.C. area, this is your opportunity to take your career and Splunk skills to the ...