Monitoring Splunk

How to skip it in file integrity check when we remove a file?

New Member

We removed a number of files to prevent problems with log4j.

Now when I run a file integrity check, the missing files are showing up as "missing". Since we know we removed them, I would like to have the file integrity check skip those files.

How do I do this?

0 Karma

Esteemed Legend

Hi @jcauhape,

It wasn't a good idea, because in this way you undermined the stability of the system.

Splunk gave a lot of information about this bug and an immediate solution:

You can also use Splunk to detect this vulnerability: 

The best solution, as @richgalloway hinted, is migration to a new version without the Log4j issue.

It's possible to bypass the Integrity Check by deleting the deleted files from the $SPLUNK_HOME/manifest, but I don't like this solution because the deleted files had a purpose and in this way you have an incomplete and probably inconsistent system.



0 Karma


You could upgrade to a version that fixes the log4j issue or remove the file names from the manifest file.

If this reply helps you, Karma would be appreciated.
0 Karma