Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

/opt/ee_splunk/splunk/etc/apps/splunk_essentials_8_2/default/app.conf' changed. in SHC

btshivanand
Path Finder
‎06-22-2021 11:22 PM

Hi all

Some how splunk_essentials_8_2 directopry got removed from this directory /opt/splunk/etc/apps .later i replicated this directory from other instance.But i see the below error.can some one help with this.

Validating installed files against hashes from '/opt/ee_splunk/splunk/splunk-8.2.0-e053ef3c985f-linux-2.6-x86_64-manifest'
File '/opt/ee_splunk/splunk/etc/apps/splunk_essentials_8_2/default/app.conf' changed.
Problems were found, please review your files and move customizations to local

 

 

 

Labels (1)
Labels
0 Karma
Reply

Losde
Splunk Employee
Splunk Employee
‎11-23-2021 05:46 AM

This is a known issue reported in this version, please verify the following information: SPL-208259, SPL-210931, SPL-211811
https://docs.splunk.com/Documentation/Splunk/8.2.2/ReleaseNotes/KnownIssues

Workaround:
Copy splunk_essentials_8_2 into the deployer's $SPLUNK_HOME/etc/shcluster/apps.

0 Karma
Reply

Forseti_
Engager
‎07-15-2021 10:52 AM

I am having a similar issue but in my case the complete app gets removed from all shc members. I feel like removing the hash is more of a hack than a solution.

This is a default app that shouldn't be removed; seems like a bug to me.

0 Karma
Reply

aledantas2k12
Explorer
‎07-15-2021 04:38 PM

Hi mate.

It's the same issue. The whole app gets removed from all SHC members. It's a hack indeed, but only solution since the app got removed and there is no way to put it back without changing the hash.

Indeed. It's a bug...

Reply

codebuilder
Influencer
‎06-29-2021 11:25 AM

Instead of copying the directory over from another SH you should re-deploy the app via deployer.

----
An upvote would be appreciated and Accept Solution if it helps!
0 Karma
Reply

aledantas2k12
Explorer
‎06-30-2021 11:16 PM

Just delete following line: '/opt/ee_splunk/splunk/etc/apps/splunk_essentials_8_2/default/app.conf
From the splunk manifest in /opt/ee_splunk/splunk

Sometimes Apps created during the installation ( The ones that splunk keeps a manifest), if they get pushed by the SHC deployer,  the checksum can get modified when the members get it.

I had the same issue with this App and the only way I could get it working was by deleting the record...

The App booked a one way flight to Belize when I created the Search Head Cluster. 

0 Karma
Reply
Get Updates on the Splunk Community!

New This Month in Splunk Observability Cloud - Metrics Usage Analytics, Enhanced K8s ...

The latest enhancements across the Splunk Observability portfolio deliver greater flexibility, better data and ...

Alerting Best Practices: How to Create Good Detectors

At their best, detectors and the alerts they trigger notify teams when applications aren’t performing as ...

Discover Powerful New Features in Splunk Cloud Platform: Enhanced Analytics, ...

Hey Splunky people! We are excited to share the latest updates in Splunk Cloud Platform 9.3.2408. In this ...