Splunk Enterprise

Getting file integrity check for splunk file

pankajupadhyay
Path Finder

HI I am getting the below error.

But I do not make changes in default location but still i got this issue.

Can someone please help me to resolve this ?

 

How we can resolve this issue, ?

 

Checking default conf files for edits...
Validating installed files against hashes from '/opt/splunk/splunk/splun k-7.2.5.1-962d9a8e1586-linux-2.6-x86_64-manifest'
Could not open '/opt/splunk/splunk/etc/apps/splunk_instrumentation/default/alert _actions.conf': No such file or directory
Could not open '/opt/splunk/splunk/etc/apps/splunk_instrumentation/default/app.c onf': No such file or directory
Could not open '/opt/splunk/splunk/etc/apps/splunk_instrumentation/default/colle ctions.conf': No such file or directory
Could not open '/opt/splunk/splunk/etc/apps/splunk_instrumentation/default/comma nds.conf': No such file or directory
Could not open '/opt/splunk/splunk/etc/apps/splunk_instrumentation/default/input s.conf': No such file or directory
Could not open '/opt/splunk/splunk/etc/apps/splunk_instrumentation/default/macro s.conf': No such file or directory
Could not open '/opt/splunk/splunk/etc/apps/splunk_instrumentation/default/props .conf': No such file or directory
Could not open '/opt/splunk/splunk/etc/apps/splunk_instrumentation/default/restm ap.conf': No such file or directory
Could not open '/opt/splunk/splunk/etc/apps/splunk_instrumentation/default/saved searches.conf': No such file or directory
Could not open '/opt/splunk/splunk/etc/apps/splunk_instrumentation/default/searc hbnf.conf': No such file or directory
Could not open '/opt/splunk/splunk/etc/apps/splunk_instrumentation/default/telem etry.conf': No such file or directory
Could not open '/opt/splunk/splunk/etc/apps/splunk_instrumentation/default/web.c onf': No such file or directory
Problems were found, please review your files and move customizations to local

 

 

Thanks

Regards

Pankaj

0 Karma
1 Solution

isoutamo
SplunkTrust
SplunkTrust
Yes that should fix it. Try to find the reason why it has been removed.

View solution in original post

0 Karma

pankajupadhyay
Path Finder

@isoutamo  I have checked and splunk_instrumentation this directory is missing but i do not how.

Yeah i do have similar version instance so can i copy that directory from there and it can resolve this issue.

 

Please correct me if i am wrong.

 

 

0 Karma

isoutamo
SplunkTrust
SplunkTrust
Yes that should fix it. Try to find the reason why it has been removed.
0 Karma

pankajupadhyay
Path Finder

@isoutamo  Thanks for your help.

 

Yes problem has been resolved and i will try to find how that file has been removed from that location.

 

0 Karma

isoutamo
SplunkTrust
SplunkTrust
Hi
this said that you haven't those files under /opt/splunk/etc/apps/splunk_instrumentation/default folder. Or other option is that "splunk user" haven't access rights to those.

Check that those exists and if then check access rights.
And if those are not there then you must get those there. At least two options: copy from another node if you have identical version or install again from installation package of same version which you have there. And remember the 2020 fix as your version is not at least. 7.2.9.1.
r. Ismo
0 Karma
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...