Splunk Cloud Platform

Invalid key in stanza [tcpout:splunkcloud]

senz79
New Member

I am trying to configure Splunk Cloud Forwarder for the first time. I am getting the below error, please help

Checking: C:\Program Files\SplunkUniversalForwarder\etc\apps\splunkclouduf\default\outputs.conf
Invalid key in stanza [tcpout:splunkcloud] in C:\Program Files\SplunkUniversalForwarder\etc\apps\splunkclouduf\default\outputs.conf, line 14: cipherSuit
E-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDH-ECDSA-AES256-GCM-SHA384:ECDH-ECDSA-AES128-GCM-SHA256:ECDH-ECDSA-AES
Did you mean 'channelReapInterval'?
Did you mean 'channelReapLowater'?
Did you mean 'channelTTL'?
Did you mean 'compressed'?
Did you mean 'connectionTimeout'?

Tags (1)
0 Karma

jlyvm05
New Member

I have the same error when starting with older UF.

My solution was:
1: Download the latest UF from Splunk Website
2: Uninstall the current UF
3: Re-install the latest downloaded UF
4: Start it. No more error found.

Hope this helps.

0 Karma

senz79
New Member

C:\Program Files\SplunkUniversalForwarder\bin>splunk restart
SplunkForwarder: Stopped

Splunk> The IT Search Engine.

Checking prerequisites...
Checking mgmt port [8090]: open
Checking conf files for problems...
Invalid key in stanza [tcpout:splunkcloud] in C:\Program Files\SplunkUniversalForwarder\etc\apps\splunkclouduf\default\outputs.conf, line 14: cipherSuit
-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDH-ECDSA-AES256-GCM-SHA384:ECDH-ECDSA-AES128-GCM-SHA256:ECDH-ECDSA-AES1
Your indexes and inputs configurations are not internally consistent. For more information, run 'splunk btool check --debug'
Done
Checking default conf files for edits...
Validating installed files against hashes from 'C:\Program Files\SplunkUniversalForwarder\splunkforwarder-6.4.10-1c39464735cc-windows-64-manifest'
All installed files intact.
Done
All preliminary checks passed.

Starting splunk server daemon (splunkd)...

SplunkForwarder: Starting (pid 5516)

Still getting the same error

0 Karma

richgalloway
SplunkTrust
SplunkTrust

When processing a .conf file, Splunk verifies all keywords left of '=' are mentioned in a .conf.spec file. Check the outputs.conf.spec file for that app to make sure "cipherSuit" is spelled correctly.

---
If this reply helps you, Karma would be appreciated.
0 Karma

senz79
New Member

I am still getting the same issue

C:\Program Files\SplunkUniversalForwarder\bin>splunk restart
SplunkForwarder: Stopped

Splunk> The IT Search Engine.

Checking prerequisites...
Checking mgmt port [8090]: open
Checking conf files for problems...
Invalid key in stanza [tcpout:splunkcloud] in C:\Program Files\SplunkUniversalForwarder\etc\apps\splunkclouduf\default\outputs.conf, line 14: cipherSui
-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDH-ECDSA-AES256-GCM-SHA384:ECDH-ECDSA-AES128-GCM-SHA256:ECDH-ECDSA-AES
Your indexes and inputs configurations are not internally consistent. For more information, run 'splunk btool check --debug'
Done
Checking default conf files for edits...
Validating installed files against hashes from 'C:\Program Files\SplunkUniversalForwarder\splunkforwarder-6.4.10-1c39464735cc-windows-64-manifest'
All installed files intact.
Done
All preliminary checks passed.

Starting splunk server daemon (splunkd)...

SplunkForwarder: Starting (pid 12840)
Done

0 Karma

richgalloway
SplunkTrust
SplunkTrust

Now the error message is about "cipherSui" and originally it was about "cipherSuit". Could the correct value be "cipherSuite"?

---
If this reply helps you, Karma would be appreciated.
0 Karma

senz79
New Member

I have tried all options and combination for the spelling

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...