Splunk package error

automagication · ‎05-02-2024

Whenever I package the splunk app, I get execute permission error because I have 744 permission for conf files but splunk expects it to be 644.

With 644 permission I cannot package the app, is there any workaround for the same.

Below is the screenshot of the error.

automagication · ‎05-02-2024

Even untar and tar with different permissions, will not let me package because the permissions are 644, there is no execute permission

automagication · ‎05-02-2024

I followed the permissions from the list
https://dev.splunk.com/enterprise/reference/appinspect/appinspectcheck/?_gl=1*fchjpf*_ga*MTA4MzA2OTg...

automagication · ‎05-02-2024

No I use Linux ubuntu wsl on windows, I can set permissions correctly but the problem is with 644 permissions, I cant run slim package app-folder

richgalloway · ‎05-02-2024

Ubuntu on Windows is still Windows. I had the same problem. You have to use a real Linux box.

---
If this reply helps you, Karma would be appreciated.

richgalloway · ‎05-02-2024

I'm guessing you're packaging the app on a Windows machine. That will never work because Windows can't/won't set the file permissions correctly. When I used to package on Windows, I would transfer the .tgz file to a Linux system, explode it, change the permissions, then re-tar it and transfer back to the Windows machine for uploading.

---
If this reply helps you, Karma would be appreciated.

automagication · ‎05-02-2024

I don't think this is the issue, I am using linux

Splunk package error

Linux

Enterprise Security Content Update (ESCU) | New Releases

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

Index This | What are the 12 Days of Splunk-mas?