The problem is that the UDP 514 port is already enabled and data is coming in for syslog.
We just need to setup syslog to send data into Splunk and the home monitor index from your router. Let’s start by going to the $SPLUNK_HOME/etc/apps/homemonitor/local directory and making the changes to the config files there. If the local directory does not exist, create it and add the following files: props.conf, transforms.conf, app.conf. Let’s now modify the following files app.conf, transforms.conf and props.conf:
Add the following to
[install] is_configured = 1
Go to Settings -> Data Input -> UDP, click on 514 and then Advanced Settings, what is the Set Host component set to, IP, DNS or None? If it’s set to DNS, then use the the FQDN as the host, otherwise use the IP. For example, if it’s set to IP and the IP is 192.168.1.1, the entry will look like this [host::192.168.1.1] . Now let’s modify your props.conf:
Add the following to
[host::192.168.1.1] TRANSFORMS-homemonitor = index_redirect_to_homemonitor
Add the following line to
[index_redirect_to_homemonitor] REGEX = . DEST_KEY = _MetaData:Index FORMAT = homemonitor
Finally, in the inputs.conf file in the
$SPLUNK_HOME/etc/apps/homemonitor/default, modify the stanza [udp://514] to have
disabled = 0 instead of
disabled = 1.
Restart Splunk and the Home Monitor App should be able to be configured with your device source type and enable the bandwidth monitor. If you want to enable the bandwidth monitor for Windows, you just need to add the following stanza to your local
I am aware that the fix current involves making a change to the default
inputs.conf, but I will fix that in a later version of the app.
I've fixed this issue in the latest version 4.5.1 and explained the fix on this post : https://answers.splunk.com/answers/391218/why-am-i-unable-to-run-the-initial-home-monitor-ap.html
Let me know if you are still having any issues with the app.
Correction, I found out that if you already have UDP 514 enabled as syslog for another app this error comes up. I'm working on a work around fix and will post it shortly as an answer to this post and the other ones having the same issue.
Yes, I know why. It's because I broke the landing page after the setup.xml. I will fix this, but for now just go ahead and go to your home page http://splunk_server:8000 and just start using your app. I plan on having this fixed soon, just haven't had the time to fix it.