Splunk SOAR
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Alma Linux 9.6 soar-prepare-system FAILED

Michal_Slezak
Engager
2 weeks ago

Dear community,

I would like to ask for help
Currently we are trying to run SOAR instance in LAB env , we are using Alma Linux

etc/os-release

NAME="AlmaLinux"
VERSION="9.6 (Sage Margay)"
ID="almalinux"
ID_LIKE="rhel centos fedora"
VERSION_ID="9.6"
PLATFORM_ID="platform:el9"

when I run /opt/phantom/splunk-soar/soar-prepare-system

Detailed logs will be located at /opt/phantom/var/log/phantom/phantom_install_log
Preparing system for installation of Splunk SOAR 6.4.1.361
local variable 'platform' referenced before assignment
Pre-install failed.

Any ideas? I already read supported OS versions but Alma Linux 9.x should be fine since RHEL 9 is supported.

Thank you for any inputs

Labels (2)
0 Karma
Reply

Michal_Slezak
Engager
a week ago

Thank you guys for valuable inputs, I installed it on Oracle Linux 9 without any problem.

0 Karma
Reply

PickleRick
SplunkTrust
SplunkTrust
2 weeks ago

Alma is not officially supported. It is "relatively close" to RHEL (although not fully 100% bug-for-bug compatible). It can be installed but it requires some tweaking of the install script (as far as I remember, it checks for supported distros so it will refuse to install unless you force it to). Still - it might be a way to run the community version in lab environment but it will not be supported so I wouldn't go prod with it.

Reply

livehybrid
SplunkTrust
SplunkTrust
2 weeks ago

Its also worth noting that, as you have highlighted, Alma Linux is not supported. Despite it being based on RHEL it *isnt* RHEL and therefore certain commands/libraries may be different or unavailable.

I have seen this error previously on Rocky Linux which I believe is also RHEL based but ultimately did not work for SOAR.

If possible please try the installation using RHEL9 and see if the issue goes away. You will be limited in terms of support from Splunk if not using a supported OS and any "fixes" to make the installation work may not persist and may cause other issues down the line.

🌟 Did this answer help you? If so, please consider:

    • Adding karma to show it was useful
    • Marking it as the solution if it resolved your issue
    • Commenting if you need any clarification

Your feedback encourages the volunteers in this community to continue contributing.

Reply

livehybrid
SplunkTrust
SplunkTrust
2 weeks ago

Hi @Michal_Slezak 

Were there any more detailed log in /opt/phantom/var/log/phantom/phantom_install_log which might give us more information about the platform variable referenced which it seems to be failing on?

🌟 Did this answer help you? If so, please consider:

    • Adding karma to show it was useful
    • Marking it as the solution if it resolved your issue
    • Commenting if you need any clarification

Your feedback encourages the volunteers in this community to continue contributing.

0 Karma
Reply
Get Updates on the Splunk Community!

SOC4Kafka - New Kafka Connector Powered by OpenTelemetry

The new SOC4Kafka connector, built on OpenTelemetry, enables the collection of Kafka messages and forwards ...

Your Voice Matters! Help Us Shape the New Splunk Lantern Experience

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Building Momentum: Splunk Developer Program at .conf25

At Splunk, developers are at the heart of innovation. That’s why this year at .conf25, we officially launched ...