Splunk Search

Checkpoint OPSEC LEA add-on - deployment on clustered indexers failed

oferprtz
Path Finder

Hi all,

I've distrbuted add-on Checkpoint OPSEC LEA ADD-ON via 'distrube bundle' from master node.
the bundle was distributed correctly all files into the desired clustered indexers but the add-on failed to launch/start.

inside the splunkd.log file i can see the following error:
05-18-2014 11:36:19.609 +0000 ERROR AdminManager - Could not setup handler 'opsec_conf' due to missing file 'rest_opsec_conf.py'. Please ensure that it is in the bin subdirectory of the appropriate Splunk app path.

I've succeeded to deploy the same app to my forwarders nodes from the 'forwarder management' as a app and it works ok.
the only different between the forwarders and the indexers installation is that the forwarders installation path is: /opt/splunk/etc/apps/Splunk_TA_opseclea_linux22
and in the indexers is: /opt/splunk/etc/slave-apps/Splunk_TA_opseclea_linux22

it could be that the app itself doesnt support different installation path?
if so, how can i overcome this?

thanks,
ofer.

rroussev_splunk
Splunk Employee
Splunk Employee

We haven't seen this issue before. Could you contact splunk support for help? They might ask you for a more detailed layout of the apps directories (as per http://docs.splunk.com/Documentation/Splunk/latest/Indexer/Updatepeerconfigurations).

oferprtz
Path Finder

Thanks, will do.

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...