Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- About cult_hero13
cult_hero13
Loves-to-Learn
Member since:
01-30-2012
01-20-2023
Community Statistics
| Posts | 6 |
| Solutions | 0 |
| Karma Given | 0 |
| Karma Received | 0 |
| Member Since | 01-30-2012 |
Activity Feed
- Posted Re: Core upgrade changes systemd unit file- Is there a way to keep my customizations? on Installation. 01-18-2023 12:52 PM
- Posted Core upgrade changes systemd unit file- Is there a way to keep my customizations? on Installation. 01-13-2023 02:21 PM
- Tagged Core upgrade changes systemd unit file- Is there a way to keep my customizations? on Installation. 01-13-2023 02:21 PM
- Tagged Core upgrade changes systemd unit file- Is there a way to keep my customizations? on Installation. 01-13-2023 02:21 PM
- Posted Re: Missing or malformed messages.conf stanza for INSTALLED_FILES_INTEGRITY:FOUND_INTEGRITY_PROBLEMS__1_splunk.domain.co on Splunk Enterprise. 06-18-2021 10:31 PM
- Posted Re: Slave license warning on Installation. 02-16-2021 06:38 AM
- Posted Re: Slave license warning on Installation. 10-20-2020 02:11 PM
- Posted Re: Splunk not receiving data from forwarders (needs restart) on Getting Data In. 04-05-2014 11:23 PM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 |
01-18-2023
12:52 PM
Correction... it doesn't seem to have anything to do with the upgrade but rather the use of (/opt/splunk/bin/splunk start|stop). If either of these commands are issued, whatever Splunkd.service file exists is renamed and replaced with a new one.
... View more
01-13-2023
02:21 PM
I use a slightly customized Splunkd systemd unit file. When I apply a core upgrade to my Splunk installation, I've found that my unit file has been renamed and replaced with what I can only assume is a default one from Splunk. Does anyone know if this is in a template file somewhere? I'm trying to see if there's a way to change it so it contains my customizations.
... View more
- Tags:
- boot-start
- systemd
Labels
- Labels:
-
Linux
06-18-2021
10:31 PM
I was running version 8.1.4 and upgraded to 8.20. Before the upgrade I had no messages other than that there was a new version available. After the upgrade I now get the message: Missing or malformed messages.conf stanza for INSTALLED_FILES_INTEGRITY:FOUND_INTEGRITY_PROBLEMS__889_server.domain.com The "889" is newer. It started out as "9". I compared the referenced messages.conf file to one I had on a test instance running version 8.1.2, specifically the referenced stanza, and they looked to be identical. I see this thread has been open for quite a long time and hasn't been answered, and the problem seems to have affected older versions. I guess I might have to ask some of the Splunk engineers in my professional capacity.
... View more
02-16-2021
06:38 AM
I didn't resolve it. It's still there, but my install has not stopped working either.
... View more
10-20-2020
02:11 PM
I'm getting something similar, but not quite the same: This pool contains slave(s) with 0 warning(s) I have only one instance of Splunk running, there are no slaves. It's installed on my syslog server. I hadn't noticed this message until today, after I changed my trial license to the free one. Is this something I should be addressing?
... View more
04-05-2014
11:23 PM
I spent too much of a day trying to figure out why 2 of 5 servers were not showing up in my Indexer. I tried removing then adding the forward-server information, restarting the forwarder over and over and even reinstalling the forwarder on each, but they just didn't show up. Using telnet I confirmed the connection was open and the Indexer was listening. In the forwarders' splunkd.log files I confirmed the connection was being made. Finally I happened to change my search string to "index=_internal host=*" and there they were, but there was only one source from each and it was $SPLUNK_HOME/var/log/splunk/splunkd.log. The other 3 servers that were working had many more sources. A little bit more searching and I found this command:
$SPLUNK_HOME/bin/splunk list monitor
Sure enough, only splunkd.log was being forwarded. So I ran:
$SPLUNK_HOME/bin/splunk add monitor /var/log
This was what the "working" servers showed in their "list monitor" results. When running "host=*" in the search app, there were the 2 servers that wouldn't work before.
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
01-20-2023
06:23 PM
|
