Splunk Enterprise
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to solve this problem >Missing or malformed messages.conf stanza for TCPOUT:FORWARDING_BLOCKED___default-autolb-grou

idris_tester
Explorer
3 weeks ago

Hi everybody !

 

How to solve this problem

 

>Missing or malformed messages.conf stanza for TCPOUT:FORWARDING_BLOCKED___default-autolb-group_DESKTOP-MOUI7DHDF_10

 

Cuplikan layar 2025-08-15 104009.png

 

This prevents me from accessing the user and roles list page as an administrator, so I cannot invite new users.

 

Idris,

Thanks

0 Karma
Reply

livehybrid
SplunkTrust
SplunkTrust
3 weeks ago

Hi @idris_tester 

I don’t think this issue is preventing you from adding users. Does this instance have a Free license applied? The free license has limitations including no user management (see https://help.splunk.com/en/data-management/splunk-enterprise-admin-manual/9.2/configure-splunk-licenses/about-splunk-free )

 

 

🌟 Did this answer help you? If so, please consider:

    • Adding karma to show it was useful
    • Marking it as the solution if it resolved your issue
    • Commenting if you need any clarification

Your feedback encourages the volunteers in this community to continue contributing.

Reply

idris_tester
Explorer
3 weeks ago

Hi @livehybrid , Thank you for your explanation. It seems that the cause is that the enterprise version I downloaded is a free license version. However, how can I upgrade it so that I can invite new users? I was invited to join the Splunk Private Bug Bounty program, and I need an account and license that can invite new users to test the website and API path. Thanks, Idris

0 Karma
Reply

livehybrid
SplunkTrust
SplunkTrust
3 weeks ago

Hi @idris_tester 

You should probably speak to the bounty program team to get a license provided, or see if you can change it to Trial license at https://yourSplunkInstance/en-US/manager/system/licensing

In order to access all the Splunk features you will need a full license. There are other license types available - see https://docs.splunk.com/Documentation/Splunk/9.4.2/Admin/TypesofSplunklicenses for more info and check out https://www.splunk.com/en_us/resources/personalized-dev-test-licenses/faq.html?locale=en_us for FAQs - However I think these dev/test licenses require a production paid license too. 

I think the best approach here is to speak to the people running the bounty program and see if they can provide you a proper license.

Also - you are running this locally (127.0.0.1) - Are your users able to access your server on a local IP?

🌟 Did this answer help you? If so, please consider:

  • Adding karma to show it was useful
  • Marking it as the solution if it resolved your issue
  • Commenting if you need any clarification

Your feedback encourages the volunteers in this community to continue contributing

0 Karma
Reply

idris_tester
Explorer
3 weeks ago

Hi @livehybrid ,


Thank you for your helpful answers.

How do I change access from local (127.0.0.1) to public or non-local? Initially, I was able to invite new members (second account) and then access the second account through a different browser, and it had been working for two days, but this morning, the user feature access suddenly disappeared.

 

 

0 Karma
Reply

PickleRick
SplunkTrust
SplunkTrust
3 weeks ago

Check if your configuration contains errors.

/path/to/splunk btool check

 The messages.conf settings should not prevent you from loading the roles/users management sections of the ui however.

In what way it "prevents" you from adding users?

0 Karma
Reply

idris_tester
Explorer
3 weeks ago

Hi @PickleRick ,

Sorry, I don't quite understand what you mean, but this is what happens in my localhost browser. Can you help me fix it?

 

Thanks,

Idris

0 Karma
Reply

PrewinThomas
Motivator
3 weeks ago

@idris_tester 
-Can you check your outputs.conf for any invalid entries or missing config's.

-Check for any blocked errors highlighted in $SPLUNK_HOME/var/log/splunk/splunkd.log

Also check for any configuration conflicts or missing settings

$SPLUNK_HOME/bin/splunk btool outputs list --debug

 

Regards,
Prewin
If this answer helped you, please consider marking it as the solution or giving a Karma. Thanks!

Reply

idris_tester
Explorer
3 weeks ago

Hi @PrewinThomas 

 

I don't know how to check outputs.conf for invalid entries on my device. Could you please help provide some steps that will help me a lot, I will appreciate it.

 

Thanks,

Idris

0 Karma
Reply

PrewinThomas
Motivator
3 weeks ago

@idris_tester 

No problem. Could you please share your basic architecture setup? Is it an All-In-One deployment?

Also, please run the command below on your Heavy Forwarder or All-In-One instance and provide the output (remember to mask any sensitive information).

$SPLUNK_HOME/bin/splunk btool outputs list --debug

 

Regards,
Prewin
If this answer helped you, please consider marking it as the solution or giving a Karma. Thanks!

 

Regards,
Prewin
If this answer helped you, please consider marking it as the solution or giving a Karma. Thanks!

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Register for .conf25!
Get Updates on the Splunk Community!

.conf25 Global Broadcast: Don’t Miss a Moment

Hello Splunkers, .conf25 is only a click away.  Not able to make it to .conf25 in person? No worries, you can ...

Observe and Secure All Apps with Splunk

 Join Us for Our Next Tech Talk: Observe and Secure All Apps with SplunkAs organizations continue to innovate ...

What's New in Splunk Observability - August 2025

What's New We are excited to announce the latest enhancements to Splunk Observability Cloud as well as what is ...