This happens regardless of it I am installing fresh or upgrading to version 9.1.0.1an existing install. Every action that involves the splunk binary prepends all output with:
Warning: Attempting to revert the SPLUNK_HOME ownership
Warning: Executing "chown -R splunkfwd /opt/splunkforwarder"
I've tried manually running that, as Root! And it still persists even though now the contents under /opt/splunkforwarder are owned by splunkfwd recursively!
Thank you Sanjay, so yet another known issue huh? Upgrading/installing version 9 has a few it seems.
So, being as though I'm sure this is low priority is there any ETA on it at all? I have automation that handles the installing of the UF. Now when checking the returns/results of a service restart I need to make sure to include bits to ensure the 'Warning' generated doesn't cause me problems.
Hi @Skeer-Jamf
this is known issue, as long as splunkforwarder owned by correct user and working as expected, it wont cause any issue, refercene to known issues of UF
https://docs.splunk.com/Documentation/Splunk/9.1.0/ReleaseNotes/Knownissues
----
Regards,
Sanjay Reddy
----
If this reply helps you, Karma would be appreciated.
If your problem is resolved, then please click the "Accept as Solution" button to help future readers.
I want to point out that these two warnings are breaking my jobs because on some machines I am using the splunkforwarder CLI to run query on the splunk cluster and export the result to files.
https://docs.splunk.com/Documentation/Splunk/9.1.1/Search/ExportdatausingCLI
These two extra warning lines were now written to the export files as well.
I think it is ok for the CLI to print warnings, but the splunk CLI should follow the best practice and write these warnings to the stderr. But it's writing them to the stdout, so that we can't use the standard practice of " 2> err.txt 1> export.csv" to handle warnings.
Now I have to add these to ALL the script files which are running the splunkforwarder CLI, which is pretty ugly:
" | grep -vi "warning:" > export.csv"
Wish there is a flag to disable warnings, or the splunkforwarder CLI should at least write them to stderr instead of stdout.
It is a breaking issue as I cannot run btool on my forwarders that are throwing this message.