Hi guys,
I installed Splunk App for Microsoft SQL Server, I followed all the steps. When I started splunk service I got the following error:
C:\Program Files\SplunkUniversalForwarder\bin>splunk start
Splunk> Needle. Haystack. Found.
Checking prerequisites...
Checking mgmt port [8089]: open
Checking conf files for problems...
Invalid key in stanza [WinEventLog:Microsoft-Windows-FailoverClu
stering] in c:\Program Files\SplunkUniversalForwarder\etc\apps\TA-SQLServer\defa
ult\inputs.conf, line 9: start_from (value: oldest)
Invalid key in stanza [WinEventLog:Microsoft-Windows-FailoverClu
stering] in c:\Program Files\SplunkUniversalForwarder\etc\apps\TA-SQLServer\defa
ult\inputs.conf, line 10: current_only (value: 0)
Invalid key in stanza [WinEventLog:Microsoft-Windows-FailoverClu
stering] in c:\Program Files\SplunkUniversalForwarder\etc\apps\TA-SQLServer\defa
ult\inputs.conf, line 11: checkpointInterval (value: 5)
Invalid key in stanza [perfmon://MSSQL:Databases] in c:\Program
Files\SplunkUniversalForwarder\etc\apps\TA-SQLServer\default\inputs.conf, line 1
49: counter (value: Active Transactions;Data File(s) Size (KB);Log File(s) Siz
e (KB);Log File(s) Used Size (KB);Transactions/sec)
Invalid key in stanza [perfmon://SQLServer:Databases] in c:\Prog
ram Files\SplunkUniversalForwarder\etc\apps\TA-SQLServer\default\inputs.conf, li
ne 157: counter (value: Active Transactions;Data File(s) Size (KB);Log File(s)
Size (KB);Log File(s) Used Size (KB);Transactions/sec)
Your indexes and inputs configurations are not internally consis
tent. For more information, run 'splunk btool check --debug'
Done
All preliminary checks passed.
Starting splunk server daemon (splunkd)...
SplunkForwarder: Starting (pid 10968)
Done
Maybe I have not configure powershell correctly, can you please help me?
Not sure if this will help you...I am not familiar with the app...but, quoting from a customer comment on the troubleshooting topic in the documentation:
Here is some troubleshooting I did to help make the app work:
Windows Server 2008 R2 and Windows 2012 R2 - Open Powershell as Administrator
PS C:>Get-Execution Policy
If it's Restricted, then do the following:
PS C:>Set-Execution Policy Bypass
Say Yes to the Execution Policy Change.
Then run Get-ExecutionPolicy and see that it changed to Bypass:
PS C:> Get-ExecutionPolicy
Bypass
Once you have that done, now you'll need to make one more change.
Open your SQL Server Management Studio and log in as sysadmin (sa). Go to Security ->Logins -> NT AUTHORITYSYSTEM (Properties) and grant the user sysadmin Server Role. Apply the change and restart your Splunk service. (Thanks Adrian: http://answers.splunk.com/answers/108974/problem-with-powershell-and-splunk_for_sqlserver-app)
Once you have all these steps done, then go into the app and run the Lookup Table Rebuilder (Searches & Reports->Lookup Table Rebuilder)
index=mssql | stats count, values(sourcetype) by host
Thanks Chris!
Sorry, not sure what else to offer. Adrian will probably reply to this posting eventually, if no one else comes through.
Thanks Crhis,
I got this error
At line:1 char:14
+ Get-Execution <<<< Policy
+ CategoryInfo : ObjectNotFound: (Get-Execution:String) [], CommandNotFoundE
xception
+ FullyQualifiedErrorId : CommandNotFoundException
Thanks
Jose Rivera
Jose, note that the command should be "Get-ExecutionPolicy". All a single, hyphenated word.
You might want to check what version of Powershell you have. Do a Get-Host and see what version you have installed. I believe you want version 3.0+.