Splunk ITSI
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

ITSI Rules Engine stops with exception error

lperini_splunk
Splunk Employee
Splunk Employee
‎09-26-2022 05:39 AM

Here are the error messages

2022-09-26 12:38:02,976 ERROR [itsi_re(reId=cRdG)] [main] RulesEngineSearch:75 - RulesEngineTask=RealTimeSearch, Status=Stopped, FunctionMessage="java.lang.NoSuchMethodError: com.fasterxml.jackson.core.JsonParser.getReadCapabilities()Lcom/fasterxml/jackson/core/util/JacksonFeatureSet;"
host = myhost = _internalsource = /opt/splunk/var/log/splunk/itsi_rules_engine.log sourcetype = itsi_internal_log

2022-09-26 12:38:02,976 ERROR [itsi_re(reId=cRdG)] [main] RulesEngineSearch:74 - RulesEngineTask=RulesEngineJob, Status=Stopped
host = myhost = _internalsource = /opt/splunk/var/log/splunk/itsi_rules_engine.log sourcetype = itsi_internal_log

2022-09-26 12:38:02,902 DEBUG [itsi_re(reId=cRdG)] [main] PropertyLoader:209 - itsiRulesEngine.localConfigurationFile properties file is not defined.
host = myhost = _internalsource = /opt/splunk/var/log/splunk/itsi_rules_engine.log sourcetype = itsi_internal_log

All the SH are on the same lan/network, no firewall.

The ERROR [itsi_re(reId=yVNs)] [main] RulesEngineSearch:75 - RulesEngineTask=RealTimeSearch, Status=Stopped, FunctionMessage="java.lang.NoSuchMethodError: 'com.fasterxml.jackson.core.util.JacksonFeatureSet com.fasterxml.jackson.core.JsonParser.getReadCapabilities()'" is logged every minute.

Labels (3)
Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

lperini_splunk
Splunk Employee
Splunk Employee
‎09-26-2022 05:41 AM

 

This is a know issue documented here

https://docs.splunk.com/Documentation/ITSI/4.13.1/ReleaseNotes/Knownissues#Notable_Events

Bug ITSI-24488

Rules engine search fails to start after upgrade to ITSI 4.13.0

Workaround:
Move the jackson-core-2.10.0.jar and jackson-annotations-2.10.0.jar to the .bkup folder under $SPLUNK_HOME/etc/apps/SA-ITOA/lib/java/event_management/libs directory.

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

lperini_splunk
Splunk Employee
Splunk Employee
‎09-26-2022 05:41 AM

 

This is a know issue documented here

https://docs.splunk.com/Documentation/ITSI/4.13.1/ReleaseNotes/Knownissues#Notable_Events

Bug ITSI-24488

Rules engine search fails to start after upgrade to ITSI 4.13.0

Workaround:
Move the jackson-core-2.10.0.jar and jackson-annotations-2.10.0.jar to the .bkup folder under $SPLUNK_HOME/etc/apps/SA-ITOA/lib/java/event_management/libs directory.

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Get Updates on the Splunk Community!

Tech Talk Recap | Mastering Threat Hunting

Mastering Threat HuntingDive into the world of threat hunting, exploring the key differences between ...

Observability for AI Applications: Troubleshooting Latency

If you’re working with proprietary company data, you’re probably going to have a locally hosted LLM or many ...

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

In the age of AI, every tool promises to make our lives easier. From summarizing content to writing code, ...