Splunk Enterprise
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Would you show steps on how to check / fix file integrity check errors on Splunk Ent. / ES

SamHTexas
Builder
‎06-08-2021 07:50 AM

How to check / fix file integrity check errors on Splunk Ent. / ES. Thank u

Labels (1)
Labels
Tags (1)
0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎06-08-2021 05:08 PM

Splunk will find the files for you.  When it finds one you should see a message in the Messages dropdown.  Click on it for details.  The fix is to replace the file with the one from the installation tarball.

---
If this reply helps you, Karma would be appreciated.
Reply

SamHTexas
Builder
‎06-09-2021 07:03 AM

Thank u sir for your message. The only description I found under check results column says " differs". So how severe of an issue is it sir not to deal with such errors? It seems like this error comes & goes (error goes away) from one server to another every few days. Thank u again.

Tags (1)
0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎06-09-2021 05:27 PM

"Differs" is all Splunk can say because it's just comparing the current hash value of the file to that which it has on record.  To find the actual difference, you'd have to compare it to a known-good copy of the file (from the tarball or your backup).

Usually, a difference is not an issue, but that depends on the actual change(s) in the file.  Perhaps someone added a custom format to datetime.xml or maybe they screwed it up and some timestamps will fail to match.

I don't know why the issue would come and go.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply
Get Updates on the Splunk Community!

Upcoming Webinar: Unmasking Insider Threats with Slunk Enterprise Security’s UEBA

Join us on Wed, Dec 10. at 10AM PST / 1PM EST for a live webinar and demo with Splunk experts! Discover how ...

.conf25 technical session recap of Observability for Gen AI: Monitoring LLM ...

If you’re unfamiliar, .conf is Splunk’s premier event where the Splunk community, customers, partners, and ...

A Season of Skills: New Splunk Courses to Light Up Your Learning Journey

There’s something special about this time of year—maybe it’s the glow of the holidays, maybe it’s the ...