How do I resolve these errors during start up of S...

di2esysadmin · ‎11-25-2014

Checking conf files for problems...
Improper stanza [dhcpd_server_dhcprelease] in /opt/splunk/etc/apps/unix/default/tags.conf, line 30
Your indexes and inputs configurations are not internally consistent. For more information, run 'splunk btool check --debug'

When I run splunk btool check --debug, I get these errors

No spec file for: /opt/splunk/etc/apps/SA-Hydra/default/hydra_gateway.conf
No spec file for: /opt/splunk/etc/apps/SA-Hydra/default/hydra_node.conf
No spec file for: /opt/splunk/etc/apps/SA-ldapsearch/default/ldap.conf
No spec file for: /opt/splunk/etc/apps/SA-ldapsearch/default/logging.conf
No spec file for: /opt/splunk/etc/apps/Splunk_TA_nix/default/eventgen.conf
No spec file for: /opt/splunk/etc/apps/Splunk_TA_ontap/default/hydra_node.conf
No spec file for: /opt/splunk/etc/apps/Splunk_TA_ontap/default/ta_ontap_collection.conf
No spec file for: /opt/splunk/etc/apps/ossec/default/ossec_servers.conf
No spec file for: /opt/splunk/etc/apps/splunk_management_console/default/logging.conf
No spec file for: /opt/splunk/etc/apps/unix/default/eventgen.conf
No spec file for: /opt/splunk/etc/system/default/conf.conf
No spec file for: /opt/splunk/etc/system/default/prefs.conf
No spec file for: /opt/splunk/etc/system/local/migration.conf

krusty · ‎01-13-2015

To solve the problem, I double checked the output of splunk btool check --debug | grep -i improper. I found out that there are two configuration files which define [dhcpd_server_dhcpreleases].
1. /opt/splunk/etc/apps/Splunk_TA_nix/default/tags.conf
2. /opt/splunk/etc/apps/unix/default/tags.conf

I know that we shouldn't change any entries in "default" config files but, if I changed the [dhcpd_server_dhcpreleases]to [eventtype=dhcpd_server_dhcpreleases]in both config files, the error Messages are gone.

Hope that helps.

christopher_stj · ‎04-02-2015

This solved the problem for me. I did not have /opt/splunk/etc/apps/unix/default/tags.conf. I only changed the entry in Splunk_TA_nix/default/tags.conf and that worked.

fdi01 · ‎12-17-2014

reinstall your splunk 6.2.
I had the same problem with my splunk6.2 version I have changes to make another version "splunk-6.2.0-237341-Linux-i686.tgz" that I installed without removing the other, and that is ok because when I run ./splunk btool check --debug, I have the following:
Checking: /opt/splunk/etc/system/default/outputs.conf
Checking: /opt/splunk/etc/system/default/pdf_server.conf
No spec file for: /opt/splunk/etc/system/default/prefs.conf
Checking: /opt/splunk/etc/system/default/procmon-filters.conf
Checking: /opt/splunk/etc/system/default/props.conf
Checking: /opt/splunk/etc/system/default/restmap.conf
Checking: /opt/splunk/etc/system/default/times.conf
Checking: /opt/splunk/etc/system/default/viewstates.conf
Checking: /opt/splunk/etc/system/default/web.conf
Checking: /opt/splunk/etc/system/default/workflow_actions.conf
Checking: /opt/splunk/etc/system/local/inputs.conf
No spec file for: /opt/splunk/etc/system/local/migration.conf
Checking: /opt/splunk/etc/system/local/server.conf
............

see my configuration in /opt/splunk/etc/apps/Splunk_TA_nix/default/tags.conf file.
###### DHCP ######
[eventtype=dhcpd_server]
dhcp = enabled
network = enabled
session = enabled
unix = enabled

[eventtype=dhcpd_start]
start = enabled

[eventtype=dhcpd_unable_unexpected]
error = enabled

[dhcpd_server_dhcprelease]
end = enabled

krusty · ‎12-08-2014

Hi there,

we have exaclty the same message when we start/restart our splunk indexer.

Does anyone know where the issue come from?

Kind regards.

ksiaze · ‎12-16-2014

nobody knows how to resolve this problem?

How do I resolve these errors during start up of Splunk 6.2?

other

Introducing Splunk Enterprise 9.2

Adoption of RUM and APM at Splunk

Routing logs with Splunk OTel Collector for Kubernetes