Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

/opt/ee_splunk/splunk/etc/apps/splunk_essentials_8_2/default/app.conf' changed. in SHC

btshivanand
Path Finder
‎06-22-2021 11:22 PM

Hi all

Some how splunk_essentials_8_2 directopry got removed from this directory /opt/splunk/etc/apps .later i replicated this directory from other instance.But i see the below error.can some one help with this.

Validating installed files against hashes from '/opt/ee_splunk/splunk/splunk-8.2.0-e053ef3c985f-linux-2.6-x86_64-manifest'
File '/opt/ee_splunk/splunk/etc/apps/splunk_essentials_8_2/default/app.conf' changed.
Problems were found, please review your files and move customizations to local

 

 

 

0 Karma
Reply

Losde
Splunk Employee
Splunk Employee
‎11-23-2021 05:46 AM

This is a known issue reported in this version, please verify the following information: SPL-208259, SPL-210931, SPL-211811
https://docs.splunk.com/Documentation/Splunk/8.2.2/ReleaseNotes/KnownIssues

Workaround:
Copy splunk_essentials_8_2 into the deployer's $SPLUNK_HOME/etc/shcluster/apps.

0 Karma
Reply

Forseti_
Engager
‎07-15-2021 10:52 AM

I am having a similar issue but in my case the complete app gets removed from all shc members. I feel like removing the hash is more of a hack than a solution.

This is a default app that shouldn't be removed; seems like a bug to me.

0 Karma
Reply

aledantas2k12
Explorer
‎07-15-2021 04:38 PM

Hi mate.

It's the same issue. The whole app gets removed from all SHC members. It's a hack indeed, but only solution since the app got removed and there is no way to put it back without changing the hash.

Indeed. It's a bug...

Reply

codebuilder
Influencer
‎06-29-2021 11:25 AM

Instead of copying the directory over from another SH you should re-deploy the app via deployer.

----
An upvote would be appreciated and Accept Solution if it helps!
0 Karma
Reply

aledantas2k12
Explorer
‎06-30-2021 11:16 PM

Just delete following line: '/opt/ee_splunk/splunk/etc/apps/splunk_essentials_8_2/default/app.conf
From the splunk manifest in /opt/ee_splunk/splunk

Sometimes Apps created during the installation ( The ones that splunk keeps a manifest), if they get pushed by the SHC deployer,  the checksum can get modified when the members get it.

I had the same issue with this App and the only way I could get it working was by deleting the record...

The App booked a one way flight to Belize when I created the Search Head Cluster. 

0 Karma
Reply
Get Updates on the Splunk Community!

Exciting News: The AppDynamics Community Joins Splunk!

Hello Splunkers,   I’d like to introduce myself—I’m Ryan, the former AppDynamics Community Manager, and I’m ...

The All New Performance Insights for Splunk

Splunk gives you amazing tools to analyze system data and make business-critical decisions, react to issues, ...

Good Sourcetype Naming

When it comes to getting data in, one of the earliest decisions made is what to use as a sourcetype. Often, ...