Splunk Search

Checkpoint OPSEC LEA add-on - deployment on clustered indexers failed

Path Finder

Hi all,

I've distrbuted add-on Checkpoint OPSEC LEA ADD-ON via 'distrube bundle' from master node.
the bundle was distributed correctly all files into the desired clustered indexers but the add-on failed to launch/start.

inside the splunkd.log file i can see the following error:
05-18-2014 11:36:19.609 +0000 ERROR AdminManager - Could not setup handler 'opsec_conf' due to missing file 'rest_opsec_conf.py'. Please ensure that it is in the bin subdirectory of the appropriate Splunk app path.

I've succeeded to deploy the same app to my forwarders nodes from the 'forwarder management' as a app and it works ok.
the only different between the forwarders and the indexers installation is that the forwarders installation path is: /opt/splunk/etc/apps/Splunk_TA_opseclea_linux22
and in the indexers is: /opt/splunk/etc/slave-apps/Splunk_TA_opseclea_linux22

it could be that the app itself doesnt support different installation path?
if so, how can i overcome this?


Splunk Employee
Splunk Employee

We haven't seen this issue before. Could you contact splunk support for help? They might ask you for a more detailed layout of the apps directories (as per http://docs.splunk.com/Documentation/Splunk/latest/Indexer/Updatepeerconfigurations).

Path Finder

Thanks, will do.

0 Karma
Get Updates on the Splunk Community!

User Groups | Upcoming Events!

If by chance you weren't already aware, the Splunk Community is host to numerous User Groups, organized ...

Splunk Lantern | Spotlight on Security: Adoption Motions, War Stories, and More

Splunk Lantern is a customer success center that provides advice from Splunk experts on valuable data ...

Splunk Cloud | Empowering Splunk Administrators with Admin Config Service (ACS)

Greetings, Splunk Cloud Admins and Splunk enthusiasts! The Admin Configuration Service (ACS) team is excited ...