Installation

On migrating a Mac OS UF installation, I am prompted to that DeRez needs to install commandline developer tools?

althomas
Communicator

When upgrading the Universal Forwarder using the .tgz on Mac OS , a pop up appears and states the following:

The "DeRez" command requires the command line developer tools. Would you like to install the tools now?

If 'cancel' is selected, it appears not to affect anything, but I am unsure why this is happening. This appears to be happening when migrating the configuration when upgrading a Splunk UF version on Mac OS.

What is the "DeRez" command and what is not being migrated when this is happening?

 

Thanks!

 

 

-- Migration information is being logged to '/Applications/splunkforwarder/var/log/splunk/migration.log.2023-02-01.10-15-52' -- This appears to be an upgrade of Splunk. --------------------------------------------------------------------------------)
Splunk has detected an older version of Splunk installed on this machine. To finish upgrading to the new version, Splunk's installer will automatically update and alter your current configuration files. Deprecated configuration files will be renamed with a .deprecated extension. You can choose to preview the changes that will be made to your configuration files before proceeding with the migration and upgrade: If you want to migrate and upgrade without previewing the changes that will be made to your existing configuration files, choose 'y'. If you want to see what changes will be made before you proceed with the upgrade, choose 'n'.
Perform migration and upgrade without previewing configuration changes? [y/n] y
Migrating to: VERSION=9.0.2 BUILD=17e00c557dc1 PRODUCT=splunk PLATFORM=Darwin-universal
It seems that the Splunk default certificates are being used. If certificate validation is turned on using the default certificates (not-recommended), this may result in loss of communication in mixed-version Splunk environments after upgrade.
"/Applications/splunkforwarder/etc/auth/ca.pem": already a renewed Splunk certificate: skipping renewal
"/Applications/splunkforwarder/etc/auth/cacert.pem": already a renewed Splunk certificate: skipping renewal [DFS] Performing migration. [DFS] Finished migration.
[Peer-apps]
Performing migration.
[Peer-apps]
Finished migration.
Init script installed at /Library/LaunchDaemons//com.splunk.plist.
Init script is configured to run at boot.
Splunk> Another one. Checking prerequisites...
Management port has been set disabled; cli support for this configuration is currently incomplete.
Invalid key in stanza [webhook] in /Applications/splunkforwarder/etc/system/default/alert_actions.conf, line 229: enable_allowlist (value: false).
Your indexes and inputs configurations are not internally consistent. For more information, run 'splunk btool check --debug' Checking conf files for problems... Done
Checking default conf files for edits...
Validating installed files against hashes from '/Applications/splunkforwarder/splunkforwarder-9.0.2-17e00c557dc1-darwin-universal2-manifest'
PYTHONHTTPSVERIFY is set to 0 in splunk-launch.conf disabling certificate validation for the httplib and urllib libraries shipped with the embedded Python interpreter; must be set to "1" for increased security All installed files intact. Done All preliminary checks passed.
Starting splunk server daemon (splunkd)... Done

 

 

mac-splunkuf-derez.png

Labels (3)
0 Karma

nyc_jason
Splunk Employee
Splunk Employee

Hello, looks like this is not the first time. going way back... https://community.splunk.com/t5/Installation/Why-am-I-getting-an-installation-failure-for-Splunk-6-2...

 

0 Karma
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...