Hello everyone
I cannot package an app by following (at least tried) the instructions given on:
http://dev.splunk.com/view/SP-CAAAEMY#package
I did run this:
./splunk package app my_app
when in /$Splunk_HOME/bin and also in /$Splunk_HOME/etc/apps/my_app
got prompted in both cases for splunk user and pass, put the right ones and received error:
"an authentication error occurred: client is not authenticated"
I am the "splunk" user. And also the same if I am root and su - splunk
I have a Splunk Enterprise (expired Free) 6.5.2 on a Centos 7 Linux
please advise on how to prepare a .spl for my app.
at your disposal for further info
thank you very much
best regards
Altin
you must not be supplying the correct Splunk username and password. This isn't supposed to be the Linux user/pass but the Splunk user/pass
./splunk package app my_app -auth admin:password
Above would work without prompting for the user/pass but you'd have to escape special characters in the password with a '\'.
As far as I know you need to change the default user/pass for this to work too. So if you have admin:changeme, that isn't going to work until you change the password and restart Splunk.
you must not be supplying the correct Splunk username and password. This isn't supposed to be the Linux user/pass but the Splunk user/pass
./splunk package app my_app -auth admin:password
Above would work without prompting for the user/pass but you'd have to escape special characters in the password with a '\'.
As far as I know you need to change the default user/pass for this to work too. So if you have admin:changeme, that isn't going to work until you change the password and restart Splunk.
My Splunk Enterprise has expired and I am testing now on the Free edition.
There is no logon/logoff, no users and no roles.
I am supplying the Linux "splunk" user which is owner of the Splunk installation and daemon.
Does this mean that the method in discussion (OS CLI command-line) does not work for Free Splunk ?
I managed to make the .spl with the web method - but that is another issue.
best regards
Altin
Yep I think it's the free version that's your problem.. all you have to do is uninstall and reinstall. Thev you can go to Dev.splunk.com and get a developers license. that way you'll have up to 10gb/day for 6 months.
The Splunk cli password should never be your Linux password.
but always a Splunk software user!