Hi,
I decided to spin up my Splunk home environment again, and I'm running into an issue this time while installing my UF 9.0 on my Raspberry Pi. It's a Pi 4 B running Ubuntu 22.04.1 LTS on aarch64 architecture.
I followed the install instructions from Splunk's page on installing a UNIX forwarder,
and used the following bundle: "splunkforwarder-9.0.0-6818ac46f2ec-Linux-armv8.tgz".
After getting some normal permission things out of the way, I started the forwarder, and this time it's giving me the error:
Invalid key in stanza [webhook] in /opt/splunkforwarder/etc/system/default/alert_actions.conf, line 229: enable_allowlist (value: false).
Your indexes and inputs configurations are not internally consistent. For more information, run 'splunk btool check --debug'
So after running splunk btool check --debug | grep ' No spec' and 'Invalid' (these are all the error types btool reported), it returns the following after a clean install:
No spec file for: /opt/splunkforwarder/etc/apps/SplunkUniversalForwarder/default/app.conf
No spec file for: /opt/splunkforwarder/etc/apps/introspection_generator_addon/default/app.conf
No spec file for: /opt/splunkforwarder/etc/apps/search/default/app.conf
No spec file for: /opt/splunkforwarder/etc/apps/splunk_internal_metrics/default/app.conf
No spec file for: /opt/splunkforwarder/etc/manager-apps/_cluster/default/indexes.conf
No spec file for: /opt/splunkforwarder/etc/system/default/app.conf
No spec file for: /opt/splunkforwarder/etc/system/default/conf.conf
No spec file for: /opt/splunkforwarder/etc/system/default/federated.conf
No spec file for: /opt/splunkforwarder/etc/system/default/telemetry.conf
Invalid key in stanza [webhook] in /opt/splunkforwarder/etc/system/default/alert_actions.conf, line 229: enable_allowlist (value: false).
I cannot really find answers on this topic. They are mostly related to other apps that people installed, but I only installed the universal forwarder, nothing else. I am also not sure what the answer is to the invalid key in the stanza for actions.conf and would like to know if there is a fix.
I also found the following error, and read online that it's not impacting the functionality of Splunk, but is there a way to suppress them and how can I be sure that it's not an issue?
Warning: Attempting to revert the SPLUNK_HOME ownership
Warning: Executing "chown -R splunk /opt/splunkforward
My /opt/ permissions:
splunk@hostname:/opt/splunkforwarder$ ls -lia /opt
148855 drwxr-xr-x 10 splunk splunk 4096 Aug 12 15:47 splunkforwarder
Any help would be appreciated on this. I am trying to get the cleanest start possible, because on my last run I had a problem with the way my data was being ingested (the 'sourcetype too small' problem) and I wasn't able to fix it back then.
Kind regards