Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- About mygoalfinder
mygoalfinder
Explorer
Member since:
03-21-2023
01-29-2024
Community Statistics
| Posts | 15 |
| Solutions | 0 |
| Karma Given | 2 |
| Karma Received | 1 |
| Member Since | 03-21-2023 |
Activity Feed
- Posted Can you removed a destination app from the sourcetype via gui in splunk Cloud? on All Apps and Add-ons. 04-27-2023 10:40 AM
- Karma Re: Upgrading Linux Universal Forwarders Failed with custom upgrade app for Tom_Lundie. 04-26-2023 08:27 AM
- Posted Why is sourcetype defined as host in Splunk Cloud? on Getting Data In. 04-14-2023 10:05 AM
- Posted Re: Upgrading Linux Universal Forwarders Failed with custom upgrade app on Installation. 03-27-2023 01:07 PM
- Posted Re: Upgrading Linux Universal Forwarders Failed with custom upgrade app on Installation. 03-24-2023 06:24 PM
- Karma Re: Upgrading Linux Universal Forwarders Failed with custom upgrade app for Tom_Lundie. 03-24-2023 05:40 PM
- Posted Re: Upgrading Linux Universal Forwarders Failed with custom upgrade app on Installation. 03-24-2023 03:38 PM
- Posted Re: Upgrading Linux Universal Forwarders Failed with custom upgrade app on Installation. 03-24-2023 12:30 PM
- Got Karma for Re: Upgrading Linux Universal Forwarders Failed with custom upgrade app. 03-24-2023 12:16 PM
- Posted Re: Upgrading Linux Universal Forwarders Failed with custom upgrade app on Installation. 03-24-2023 12:14 PM
- Posted Re: Upgrading Linux Universal Forwarders Failed with custom upgrade app on Installation. 03-24-2023 11:18 AM
- Posted Re: Upgrading Linux Universal Forwarders Failed with custom upgrade app on Installation. 03-24-2023 10:29 AM
- Posted Re: Upgrading Linux Universal Forwarders Failed with custom upgrade app on Installation. 03-24-2023 09:19 AM
- Posted Re: Upgrading Linux Universal Forwarders Failed with custom upgrade app on Installation. 03-23-2023 02:30 PM
- Posted Upgrading Linux Universal Forwarders Failed with custom upgrade app on Installation. 03-23-2023 12:52 PM
- Posted Why does the Splunk Universal Forwarder shut down after assigning app to client for upgrade? on Installation. 03-21-2023 10:33 AM
- Posted Re: forwarder shutdown after start on Installation. 03-21-2023 10:26 AM
- Posted Re: forwarder shutdown after start on Installation. 03-21-2023 09:39 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 | |||
| 0 | |||
| 0 |
04-27-2023
10:40 AM
I am running into an issue where my sourcetype is in the wrong destination app. What can I do to fix this? via splunk cloud
... View more
Labels
- Labels:
-
troubleshooting
04-14-2023
10:05 AM
I created a inputs.conf on my deployment server and noticed that my logs were coming in as my sourcetype instead of my host. Once the I assigned it to the client, I couldn't find the logs. I noticed they were my sourcetype instead of it normally being the host.
... View more
Labels
- Labels:
-
host
-
sourcetype
03-27-2023
01:07 PM
Update on this task, I looked in the splunkd_stderr.log. This is reproduced each time I am activating the custom upgrade app. 2023-03-27 14:45:09.335 -0500 Interrupt signal received sent by PID 5126, command="/opt/splunkforwarder/bin/splunk stop" (UID 59867, same as my group) 2023-03-24 19:42:11.991 -0500 Interrupt signal received sent by PID 18532, command="/opt/splunkforwarder/bin/splunk stop" (UID 59867, same as my group) 2023-03-24 19:46:48.324 -0500 splunkd started (build 08187535c166) pid=19122 2023-03-24 19:46:54.620 -0500 Interrupt signal received sent by PID 19218, command="/opt/splunkforwarder/bin/splunk stop" (UID 59867, same as my group) I removed the > /dev/null 2>&1 from the wrapper.sh and manually upgraded it. It worked fine as well as the splunkd is continuing to run. However the automated process is what's not working. Which is interesting. Leaving the > /dev/null 2>&1 in the wrapper.sh causes it not to manually upgrade also. So it seems like
... View more
03-24-2023
06:24 PM
As I am using the script that you updated, it is not bringing in any logs inside of the folder. That directory isn't being created also. Which is very odd. The wrapper is just as you stated. It installs splunk and accepts the license. However, It will not stay up now. Which is the odd part now. Splunk Continues to shut down each time I restart it.
... View more
03-24-2023
03:38 PM
Another update after testing, I realize that the issue may be with the tar. Removing -v from it worked, but did not start splunk. I had to go into the bin directory and manually accept the license. The server automatically shuts down afterwards. I am assuming that it's still in a loop.
... View more
03-24-2023
12:30 PM
I am unable to provide the information. My Vm freezes in the process.
... View more
03-24-2023
12:14 PM
1 Karma
Weird enough, I am having issues applying those commands. sorry for delay.
... View more
03-24-2023
11:18 AM
Can I clarify, On the wrapper script, does the entire if then statement need to be added into the wrapper.sh?
... View more
03-24-2023
10:29 AM
I am using systemd and Red Hat OS
... View more
03-24-2023
09:19 AM
I made some progress so far. I removed the v out of the tar -xf. That did work when it came to installing it. I just had to manually start the server. Now I need to figure out how to get the --accept license to be accepted again. So good to see progress was made, however when I made the change inside of the wrapper script and added the script below, as well as the echo starting splunk, It stopped and didn't run the update. ( /opt/splunkforwarder/etc/apps/splunk_upgrade_lin_v8/bin/upgrade.sh & ) > /dev/null 2>&1 Adding the echo Do I need to add the entire if then statement into the wrapper.sh? #!/bin/bash # set splunk path SPLUNK_HOME=/opt/splunkforwarder # set desired version NVER=8.2.2 # determine current version CVER=`cat $SPLUNK_HOME/etc/splunk.version | grep VERSION | cut -d= -f2` if [ "$NVER" != "$CVER" ] then echo "Upgrading Splunk to $NVER." $SPLUNK_HOME/bin/splunk stop tar -xf $SPLUNK_HOME/etc/apps/splunk_upgrade_lin_v8/static/splunkforwarder-8.2.2-87344edfcdb4-Linux-x86_64.tgz -C /opt $SPLUNK_HOME/bin/splunk start --accept-license --answer-yes fi
... View more
03-23-2023
02:30 PM
#!/bin/bash ( /opt/splunkforwarder/etc/apps/splunk_upgrade_lin_v8/bin/upgrade.sh & )
... View more
03-23-2023
12:52 PM
Hello, I am having issues with my splunk universal fowarders. Problem: The Splunk Universal Forwarders are not upgrading from version 7.2.6 to Version 8 using the custom app I developed. However, The custom app is a replica of 7.2.6. I created a another app that has the exact same features as version 7.2.6. However, once it shuts down, it does not restart or upgrade the server. Here is the custom app. #!/bin/bash # set splunk path SPLUNK_HOME=/opt/splunkforwarder # set desired version NVER=8.2.2 # determine current version CVER=`cat $SPLUNK_HOME/etc/splunk.version | grep VERSION | cut -d= -f2` if [ "$NVER" != "$CVER" ] then echo "Upgrading Splunk to $NVER." $SPLUNK_HOME/bin/splunk stop tar -xvf $SPLUNK_HOME/etc/apps/splunk_upgrade_lin_v8/static/splunkforwarder-8.2.2-87344edfcdb4-Linux-x86_64.tgz -C /opt $SPLUNK_HOME/bin/splunk start --accept-license --answer-yes fi In the static folder, it has the splunkforwarder-8.2.2-87344edfcdb4-Linux-x86_64.tgz. In the bin directory, the script above is the upgrade.sh and the wrapper.sh I created points to this upgrade.sh In the local directory, this is what I have listed. [script://./bin/wrapper.sh] disabled = false interval = 3600 sourcetype = upgrade_linuxv8 Once again. This custom apps work completely fine with 7.2.6. Any version after that, splunk just stops once the app is assigned to the client, then the splunkforwarder shuts down and doesn't come back until I force remove the app (rm -rf) and restart splunk. Does Anyone has a work around with this?
... View more
Labels
- Labels:
-
Linux
-
scripted input
-
universal forwarder
03-21-2023
10:33 AM
Hello, I am upgrading 800 splunk universal forwarders with Red Hat Linux OS. Using this custom app When I assign this custom app to the universal forwarders, it shuts down and does not start again. With version 7.2.6, it works fine. With no issue. Anything after that version, the script does not work. 03-21-2023 12:26:05.128 -0500 INFO PipelineComponent - Performing early shutdown tasks 03-21-2023 12:26:05.128 -0500 INFO loader - Shutdown HTTPDispatchThread 03-21-2023 12:26:05.128 -0500 INFO ShutdownHandler - Shutting down splunkd 03-21-2023 12:26:05.128 -0500 INFO ShutdownHandler - shutting down level "ShutdownLevel_Begin" 03-21-2023 12:26:05.128 -0500 INFO ShutdownHandler - shutting down level "ShutdownLevel_FileIntegrityChecker" 03-21-2023 12:26:05.128 -0500 INFO ShutdownHandler - shutting down level "ShutdownLevel_JustBeforeKVStore
... View more
03-21-2023
10:26 AM
Yes the script stops the forwarder, but does not start back up. Using the exact same script that was listed above in the link the other user provided.
... View more
03-21-2023
09:39 AM
Hi I am having the exact same issue. I am attempting to use that script to upgrade my infrastructure, but it stops immediately after assigning it to the clients. Why is that? What could be a workaround for this? I also tested it manually. The script works fine manually, but refuses to upgrade automatically. It just shuts down.
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
01-29-2024
07:07 PM
|
