Installation

4.1.3 => 4.2.1 upgrade

DTERM
Contributor

I'm upgrading from 4.1.3 to 4.2.1. I get the folloing when I restart splunk after the test upgrade. I'd like to get your thoughts on these notes. Thanks in advance.

[root@splunk-tester ~]# /etc/init.d/splunk start
Starting Splunk...

Splunk> Be an IT superhero. Go home early.

Checking prerequisites...
        Checking mgmt port [127.0.0.1:8089]: open
        Checking configuration...  Done.
        Checking index directory...
        Validated databases: _thefishbucket
        Done
Success
        Checking conf files for typos...
Possible typo in stanza [unix-all-logs] in /app/splunk/etc/apps/unix/default/eventtypes.conf, line 6: dispatch.earliest_time  =  -15m
Possible typo in stanza [Failed_SU] in /app/splunk/etc/apps/unix/default/eventtypes.conf, line 176: tag  =  application authentication verify failure
Possible typo in stanza [ssh-invalid-user] in /app/splunk/etc/apps/unix/default/eventtypes.conf, line 316: example  =  Dec 17 18:31:42 domU-12-31-39-03-01-11 sshd[31787]: input_userauth_request: invalid user php
Possible typo in stanza [ssh-close] in /app/splunk/etc/apps/unix/default/eventtypes.conf, line 326: Example  =  Dec 17 15:15:12 domU-12-31-39-03-01-11 sshd[24912]: Connection closed by 195.43.9.246
Possible typo in stanza [ssh-disconnect] in /app/splunk/etc/apps/unix/default/eventtypes.conf, line 330: example  =  Dec 17 18:31:44 domU-12-31-39-03-01-11 sshd[31792]: Received disconnect from 74.53.187.50: 11: Bye Bye
Possible typo in stanza [vmstat] in /app/splunk/etc/apps/unix/default/eventtypes.conf, line 373: sourcetype  =  vmstat
Possible typo in stanza [iostat] in /app/splunk/etc/apps/unix/default/eventtypes.conf, line 376: sourcetype  =  iostat
Possible typo in stanza [ps] in /app/splunk/etc/apps/unix/default/eventtypes.conf, line 379: sourcetype  =  ps
Possible typo in stanza [top] in /app/splunk/etc/apps/unix/default/eventtypes.conf, line 382: sourcetype  =  top
Possible typo in stanza [netstat] in /app/splunk/etc/apps/unix/default/eventtypes.conf, line 385: sourcetype  =  netstat
Possible typo in stanza [protocol] in /app/splunk/etc/apps/unix/default/eventtypes.conf, line 388: sourcetype  =  protocol
Possible typo in stanza [openPorts] in /app/splunk/etc/apps/unix/default/eventtypes.conf, line 391: sourcetype  =  openPorts
Possible typo in stanza [time] in /app/splunk/etc/apps/unix/default/eventtypes.conf, line 394: sourcetype  =  time
Possible typo in stanza [lsof] in /app/splunk/etc/apps/unix/default/eventtypes.conf, line 397: sourcetype  =  lsof
Possible typo in stanza [df] in /app/splunk/etc/apps/unix/default/eventtypes.conf, line 400: sourcetype  =  df
Possible typo in stanza [who] in /app/splunk/etc/apps/unix/default/eventtypes.conf, line 403: sourcetype  =  who
Possible typo in stanza [usersWithLoginPrivs] in /app/splunk/etc/apps/unix/default/eventtypes.conf, line 406: sourcetype  =  usersWithLoginPrivs
Possible typo in stanza [lastlog] in /app/splunk/etc/apps/unix/default/eventtypes.conf, line 409: sourcetype  =  lastlog
Possible typo in stanza [interfaces] in /app/splunk/etc/apps/unix/default/eventtypes.conf, line 412: sourcetype  =  interfaces
Possible typo in stanza [cpu] in /app/splunk/etc/apps/unix/default/eventtypes.conf, line 415: sourcetype  =  cpu
Possible typo in stanza [auditd] in /app/splunk/etc/apps/unix/default/eventtypes.conf, line 418: sourcetype  =  auditd
Possible typo in stanza [package] in /app/splunk/etc/apps/unix/default/eventtypes.conf, line 421: sourcetype  =  package
Possible typo in stanza [hardware] in /app/splunk/etc/apps/unix/default/eventtypes.conf, line 424: sourcetype  =  hardware
There might be typos in your conf files. For more information, run 'splunk btool check --debug'
All preliminary checks passed.

Starting splunk server daemon (splunkd)...
                                                           [  OK  ]
Tags (1)
0 Karma
1 Solution

twinspop
Influencer

twinspop
Influencer

This previous question/answer may help

Get Updates on the Splunk Community!

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...