About casey_lee

casey_lee · ‎09-12-2012

Yes. I got the fix from the App owner as I was working with him at .conf2012 earlier today. He will update the code later on tonight to the repository. Should be version 2.0.2 or up. But to get your Splunk or search head working until the fix is ready, you have to go to find the indexer.conf file in the FireEye App and do the configuration change below to start the splunk again. /opt/splunk/etc/apps/{FireEye, or SplunkforFireEye}/default more indexes.conf [fireeye] for syslog data coldPath = $SPLUNK_DB/fireeye/colddb homePath = $SPLUNK_DB/fireeye/db thawedPath = $SPLUNK_DB/fireeye/thaweddb [fe] for xml fireeye logs coldPath = $SPLUNK_DB/fireeye/colddb homePath = $SPLUNK_DB/fireeye/db thawedPath = $SPLUNK_DB/fireeye/thaweddb [fe] for xml fireeye logs coldPath = $SPLUNK_DB/fe/colddb homePath = $SPLUNK_DB/fe/db thawedPath = $SPLUNK_DB/fe/thaweddb Hope this help.

casey_lee · ‎09-11-2012

Hello - I installed FireEye App a while ago on my search head. The search head failed to come back up after I restart it. Here is the output when I tried to start it again from command line. Any idea how to fix? splunkweb is not running. splunkd is not running. [FAILED] Splunk> Be an IT superhero. Go home early. Checking prerequisites... Checking http port [8000]: open Checking mgmt port [8089]: open Checking configuration... Done. Checking index directory... Problem parsing indexes.conf: The homePath "/opt/splunk/var/lib/splunk/fireeye/db" of index "fireeye" is repeated multiple times (already specified as homePath of index "fe"). Validating databases (splunkd validatedb) failed with code '1'. Please file a case online at http://www.splunk.com/page/submit_issue Thanks.

Posts	2
Solutions	0
Karma Given	1
Karma Received	0
Member Since	‎12-12-2011

Online Status	Offline
Date Last Visited	‎06-05-2020 02:03 AM

FireEye app installation breaked the Splunk Search...

Re: FireEye app installation breaked the Splunk Se...

FireEye app installation breaked the Splunk Search...