Splunk Enterprise
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to solve this problem >Missing or malformed messages.conf stanza for TCPOUT:FORWARDING_BLOCKED___default-autolb-grou

idris_tester
Explorer
‎08-14-2025 08:43 PM

Hi everybody !

 

How to solve this problem

 

>Missing or malformed messages.conf stanza for TCPOUT:FORWARDING_BLOCKED___default-autolb-group_DESKTOP-MOUI7DHDF_10

 

Cuplikan layar 2025-08-15 104009.png

 

This prevents me from accessing the user and roles list page as an administrator, so I cannot invite new users.

 

Idris,

Thanks

0 Karma
Reply

livehybrid
SplunkTrust
SplunkTrust
‎08-15-2025 03:15 AM

Hi @idris_tester 

I don’t think this issue is preventing you from adding users. Does this instance have a Free license applied? The free license has limitations including no user management (see https://help.splunk.com/en/data-management/splunk-enterprise-admin-manual/9.2/configure-splunk-licenses/about-splunk-free )

 

 

🌟 Did this answer help you? If so, please consider:

    • Adding karma to show it was useful
    • Marking it as the solution if it resolved your issue
    • Commenting if you need any clarification

Your feedback encourages the volunteers in this community to continue contributing.

Reply

idris_tester
Explorer
‎08-15-2025 03:51 AM

Hi @livehybrid , Thank you for your explanation. It seems that the cause is that the enterprise version I downloaded is a free license version. However, how can I upgrade it so that I can invite new users? I was invited to join the Splunk Private Bug Bounty program, and I need an account and license that can invite new users to test the website and API path. Thanks, Idris

0 Karma
Reply

livehybrid
SplunkTrust
SplunkTrust
‎08-15-2025 04:05 AM

Hi @idris_tester 

You should probably speak to the bounty program team to get a license provided, or see if you can change it to Trial license at https://yourSplunkInstance/en-US/manager/system/licensing

In order to access all the Splunk features you will need a full license. There are other license types available - see https://docs.splunk.com/Documentation/Splunk/9.4.2/Admin/TypesofSplunklicenses for more info and check out https://www.splunk.com/en_us/resources/personalized-dev-test-licenses/faq.html?locale=en_us for FAQs - However I think these dev/test licenses require a production paid license too. 

I think the best approach here is to speak to the people running the bounty program and see if they can provide you a proper license.

Also - you are running this locally (127.0.0.1) - Are your users able to access your server on a local IP?

🌟 Did this answer help you? If so, please consider:

  • Adding karma to show it was useful
  • Marking it as the solution if it resolved your issue
  • Commenting if you need any clarification

Your feedback encourages the volunteers in this community to continue contributing

0 Karma
Reply

idris_tester
Explorer
‎08-15-2025 05:44 AM

Hi @livehybrid ,


Thank you for your helpful answers.

How do I change access from local (127.0.0.1) to public or non-local? Initially, I was able to invite new members (second account) and then access the second account through a different browser, and it had been working for two days, but this morning, the user feature access suddenly disappeared.

 

 

0 Karma
Reply

PickleRick
SplunkTrust
SplunkTrust
‎08-14-2025 11:53 PM

Check if your configuration contains errors.

/path/to/splunk btool check

 The messages.conf settings should not prevent you from loading the roles/users management sections of the ui however.

In what way it "prevents" you from adding users?

0 Karma
Reply

idris_tester
Explorer
‎08-15-2025 03:55 AM

Hi @PickleRick ,

Sorry, I don't quite understand what you mean, but this is what happens in my localhost browser. Can you help me fix it?

 

Thanks,

Idris

0 Karma
Reply

PrewinThomas
Motivator
‎08-14-2025 09:04 PM

@idris_tester 
-Can you check your outputs.conf for any invalid entries or missing config's.

-Check for any blocked errors highlighted in $SPLUNK_HOME/var/log/splunk/splunkd.log

Also check for any configuration conflicts or missing settings

$SPLUNK_HOME/bin/splunk btool outputs list --debug

 

Regards,
Prewin
If this answer helped you, please consider marking it as the solution or giving a Karma. Thanks!

Reply

idris_tester
Explorer
‎08-14-2025 09:15 PM

Hi @PrewinThomas 

 

I don't know how to check outputs.conf for invalid entries on my device. Could you please help provide some steps that will help me a lot, I will appreciate it.

 

Thanks,

Idris

0 Karma
Reply

PrewinThomas
Motivator
‎08-14-2025 09:24 PM

@idris_tester 

No problem. Could you please share your basic architecture setup? Is it an All-In-One deployment?

Also, please run the command below on your Heavy Forwarder or All-In-One instance and provide the output (remember to mask any sensitive information).

$SPLUNK_HOME/bin/splunk btool outputs list --debug

 

Regards,
Prewin
If this answer helped you, please consider marking it as the solution or giving a Karma. Thanks!

 

Regards,
Prewin
If this answer helped you, please consider marking it as the solution or giving a Karma. Thanks!

0 Karma
Reply
Get Updates on the Splunk Community!

OpenTelemetry for Legacy Apps? Yes, You Can!

This article is a follow-up to my previous article posted on the OpenTelemetry Blog, "Your Critical Legacy App ...

UCC Framework: Discover Developer Toolkit for Building Technology Add-ons

The Next-Gen Toolkit for Splunk Technology Add-on Development The Universal Configuration Console (UCC) ...

.conf25 Community Recap

Hello Splunkers, And just like that, .conf25 is in the books! What an incredible few days — full of learning, ...