Installation
Highlighted

4.1.3 => 4.2.1 upgrade

Contributor

I'm upgrading from 4.1.3 to 4.2.1. I get the folloing when I restart splunk after the test upgrade. I'd like to get your thoughts on these notes. Thanks in advance.

[root@splunk-tester ~]# /etc/init.d/splunk start
Starting Splunk...

Splunk> Be an IT superhero. Go home early.

Checking prerequisites...
        Checking mgmt port [127.0.0.1:8089]: open
        Checking configuration...  Done.
        Checking index directory...
        Validated databases: _thefishbucket
        Done
Success
        Checking conf files for typos...
Possible typo in stanza [unix-all-logs] in /app/splunk/etc/apps/unix/default/eventtypes.conf, line 6: dispatch.earliest_time  =  -15m
Possible typo in stanza [Failed_SU] in /app/splunk/etc/apps/unix/default/eventtypes.conf, line 176: tag  =  application authentication verify failure
Possible typo in stanza [ssh-invalid-user] in /app/splunk/etc/apps/unix/default/eventtypes.conf, line 316: example  =  Dec 17 18:31:42 domU-12-31-39-03-01-11 sshd[31787]: input_userauth_request: invalid user php
Possible typo in stanza [ssh-close] in /app/splunk/etc/apps/unix/default/eventtypes.conf, line 326: Example  =  Dec 17 15:15:12 domU-12-31-39-03-01-11 sshd[24912]: Connection closed by 195.43.9.246
Possible typo in stanza [ssh-disconnect] in /app/splunk/etc/apps/unix/default/eventtypes.conf, line 330: example  =  Dec 17 18:31:44 domU-12-31-39-03-01-11 sshd[31792]: Received disconnect from 74.53.187.50: 11: Bye Bye
Possible typo in stanza [vmstat] in /app/splunk/etc/apps/unix/default/eventtypes.conf, line 373: sourcetype  =  vmstat
Possible typo in stanza [iostat] in /app/splunk/etc/apps/unix/default/eventtypes.conf, line 376: sourcetype  =  iostat
Possible typo in stanza [ps] in /app/splunk/etc/apps/unix/default/eventtypes.conf, line 379: sourcetype  =  ps
Possible typo in stanza [top] in /app/splunk/etc/apps/unix/default/eventtypes.conf, line 382: sourcetype  =  top
Possible typo in stanza [netstat] in /app/splunk/etc/apps/unix/default/eventtypes.conf, line 385: sourcetype  =  netstat
Possible typo in stanza [protocol] in /app/splunk/etc/apps/unix/default/eventtypes.conf, line 388: sourcetype  =  protocol
Possible typo in stanza [openPorts] in /app/splunk/etc/apps/unix/default/eventtypes.conf, line 391: sourcetype  =  openPorts
Possible typo in stanza [time] in /app/splunk/etc/apps/unix/default/eventtypes.conf, line 394: sourcetype  =  time
Possible typo in stanza [lsof] in /app/splunk/etc/apps/unix/default/eventtypes.conf, line 397: sourcetype  =  lsof
Possible typo in stanza [df] in /app/splunk/etc/apps/unix/default/eventtypes.conf, line 400: sourcetype  =  df
Possible typo in stanza [who] in /app/splunk/etc/apps/unix/default/eventtypes.conf, line 403: sourcetype  =  who
Possible typo in stanza [usersWithLoginPrivs] in /app/splunk/etc/apps/unix/default/eventtypes.conf, line 406: sourcetype  =  usersWithLoginPrivs
Possible typo in stanza [lastlog] in /app/splunk/etc/apps/unix/default/eventtypes.conf, line 409: sourcetype  =  lastlog
Possible typo in stanza [interfaces] in /app/splunk/etc/apps/unix/default/eventtypes.conf, line 412: sourcetype  =  interfaces
Possible typo in stanza [cpu] in /app/splunk/etc/apps/unix/default/eventtypes.conf, line 415: sourcetype  =  cpu
Possible typo in stanza [auditd] in /app/splunk/etc/apps/unix/default/eventtypes.conf, line 418: sourcetype  =  auditd
Possible typo in stanza [package] in /app/splunk/etc/apps/unix/default/eventtypes.conf, line 421: sourcetype  =  package
Possible typo in stanza [hardware] in /app/splunk/etc/apps/unix/default/eventtypes.conf, line 424: sourcetype  =  hardware
There might be typos in your conf files. For more information, run 'splunk btool check --debug'
All preliminary checks passed.

Starting splunk server daemon (splunkd)...
                                                           [  OK  ]
Tags (1)
0 Karma
Highlighted

Re: 4.1.3 => 4.2.1 upgrade

Influencer