Hi all, I installed Enterprise Security 7.2.0 on Splunk 9.1.1 and I'm receiving the following message: Unable to initialize modular input "confcheck_es_bias_language_cleanup" defined in the app "SplunkEnterpriseSecuritySuite": Unable to locate suitable script for introspection..

I searched the documentation and at https://docs.splunk.com/Documentation/ES/7.2.0/Install/Upgradetonewerversion#After_upgrading_to_version_7.2.0 I found the following indication:

To prevent the display of the error messages, follow these workaround steps:
Modify following file:
On the search head cluster: /opt/splunk/etc/shcluster/apps/SplunkEnterpriseSecuritySuite/README/input.conf.spec
On a standalone ES instance this file: /opt/splunk/etc/apps/SplunkEnterpriseSecuritySuite/README/input.conf.spec
Add the following comment at the end of the file:
###### Conf File Check for Bias Language ######
#[confcheck_es_bias_language_cleanup://default]
#debug = <boolean>
(optional) If you are on standalone search head, follow these additional steps:
Push changes to search head cluster by pushing the bundle apps.
Clean the messages from the top of the page so that they do not display again.
In case of a standalone search head, restart the Splunk process.

Leaving aside that the page speaks of an upgrade while I'm doing a new installation, that the file name is wrong (input.conf instead of inputs.conf), and that they say to modify a .spec file: how can commented statements solve an issue? Obviously this solution didn't solve my issue. Is there anyone who can hint at a solution to my issue?

Thank you in advance.
Ciao.
Giuseppe