Installation
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Update.sh in splunk add on for Linux and Unix is filling up space with dumps from yum update check on satellite

arjitg
Explorer
‎07-17-2024 06:03 AM

Hi everyone! This issue is exclusively for splunk universal forwarder v9.2.1 .. what’s happening here is the script  is dumping yum updates check on satellite thereby filling all the space in the servers. When checked ingernal logs, it seems the update.sh is installing the older version of these satellite linux packages and then throwing message as

message from "/opt/splunkforwarder/etc/apps/Splunk_TA_nix/bin/update.sh" Not using downloaded (satellite package name like rhel..blah..blah) because it is older than what we have:

Have any  one faced this particular issue? I am not able to understand why is the update.sh trying to install the older packages in the first place ... Can anyone suggest what can be done to resolve it? Thanks. 

Labels (3)
0 Karma
Reply
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...