Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

default '/opt/splunk/etc/deployment-apps/Splunk_TA_windows/local/inputs.conf'?

mitag
Contributor
‎07-10-2020 01:03 PM

tl;dr: what are the initial, default contents of /opt/splunk/etc/deployment-apps/Splunk_TA_windows/local/inputs.conf as it ships with "Splunk_TA_windows" - if it exists and not empty?

Reason I ask: it does not exist in my instance on the Deployment Server (only apps.conf in that folder); I am trying to figure out what it should be and how to fix what seems to be a broken "Splunk Add-on for Microsoft Windows" ("Splunk_TA_windows") in an inherited Splunk instance. The TA doesn't seem to be gathering any data, and produces errors such:

ERROR ExecProcessor - message from ""C:\Program Files\SplunkUniversalForwarder\bin\splunk-winhostinfo.exe"" splunk-winhostinfo - Found a invalid type named 'application' in stanza WinHostMon://Application, this will not be processed.

(i.e. the TA can't find the executables or scripts it needs.)

I suspect this is due to someone merging the TA's own inputs.conf into a single master inputs.conf (/opt/splunk/etc/deployment-apps/_server_app_Windows_Clients/local/inputs.conf on the Deployment Server) and then deleting it - which seems to have broken things.

Thanks!

P.S. Apologies for the formatting - for some reason "Insert/Edit code sample" buttons don't work for me.

Labels (1)
Labels
Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

richgalloway
SplunkTrust
SplunkTrust
‎07-10-2020 05:31 PM
Most apps ship with an empty local directory, except for app.conf.
If your app is broken, re-install it.

The code button on this forum is non-intuitive. You must click the button with no text highlighted then enter your code into the pop-up box.
---
If this reply helps you, Karma would be appreciated.

View solution in original post

Reply
Solved! Jump to solution
Solution

richgalloway
SplunkTrust
SplunkTrust
‎07-10-2020 05:31 PM
Most apps ship with an empty local directory, except for app.conf.
If your app is broken, re-install it.

The code button on this forum is non-intuitive. You must click the button with no text highlighted then enter your code into the pop-up box.
---
If this reply helps you, Karma would be appreciated.
Reply
Solved! Jump to solution

mitag
Contributor
‎07-11-2020 06:14 PM

Thank you, this was the answer:

"Most apps ship with an empty local directory, except for app.conf."

It's also implied in "Download and configure the Splunk Add-on for Windows version 6.0.0 or later":

"Copy the inputs.conf file in the default subdirectory to the local directory.<"

P.S. The app may not be broken after all - just unconfigured. Likely the "_server_app_Windows_Clients" needs to be cleaned up - cleared of things that were originally part of the add-on. (Don't ask. That person has left the building.)

P.P.S. What's the accepted format for quotes? E.g. quoting documentation or snippets from others' posts?

0 Karma
Reply
Solved! Jump to solution

richgalloway
SplunkTrust
SplunkTrust
‎07-12-2020 10:10 AM 
P.P.S. What's the accepted format for quotes? E.g. quoting documentation or snippets from others' posts?

We don't have one, yet.

---
If this reply helps you, Karma would be appreciated.
Reply
Get Updates on the Splunk Community!

Built-in Service Level Objectives Management to Bridge the Gap Between Service & ...

Wednesday, May 29, 2024  |  11AM PST / 2PM ESTRegister now and join us to learn more about how you can ...

Get Your Exclusive Splunk Certified Cybersecurity Defense Engineer at Splunk .conf24 ...

We’re excited to announce a new Splunk certification exam being released at .conf24! If you’re headed to Vegas ...

Share Your Ideas & Meet the Lantern team at .Conf! Plus All of This Month’s New ...

Splunk Lantern is Splunk’s customer success center that provides advice from Splunk experts on valuable data ...