There are several issues to be fixed in the current app release of CIS Critical Security Controls.

guilmxm
SplunkTrust

Hello,

There are several things to be corrected within the current version of the application:

  • metadata/local.meta

There should not be local.meta files when you publish the application on Splunkbase; any stanza would need to be migrated to default.meta and this file should be removed from the package.

Finally, the default.meta should be cleaned, removing references to Splunk versions, setting up the parent meta properly and removing child meta if not useful.

  • metadata/local.meta Git conflict uncleaned

There is an unclean Git conflict in both files, with lines:

<<<<<<< HEAD

Which will generate a huge number of WARN messages in splunkd.

03-21-2018 10:16:44.658 +0000 WARN  IniFile - /opt/splunk/etc/apps/cis-controls-app-for-splunk/metadata/local.meta, line 148: Cannot parse into key-value pair: <<<<<<< HEAD
03-21-2018 10:16:44.658 +0000 WARN  IniFile - /opt/splunk/etc/apps/cis-controls-app-for-splunk/metadata/local.meta, line 360: Cannot parse into key-value pair: <<<<<<< HEAD
03-21-2018 10:17:05.418 +0000 WARN  ConfObjectManagerDB - /opt/splunk/etc/apps/cis-controls-app-for-splunk/metadata/local.meta, line 8: Error parsing setting:  = ======

And there are other errors, like the usage of deprecated features and syntax in XML files, wrong authorisations on CSV files, etc.

I would kindly suggest using AppInspect when building your package, so that you can automatically be informed of these issues and perform unit testing for code quality improvements.

http://dev.splunk.com/view/SP-CAAAFAK

Many thanks,

Regards,

Guilhem

0 Karma
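A pre-publish check for the two packaging problems described in the post above (a shipped metadata/local.meta and leftover Git conflict markers in configuration files), as an added example that is not part of the original thread and is neither AppInspect nor the app's own code. The function names and the sample app tree are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Git conflict markers at the start of a line:
# "<<<<<<< ref", "=======", ">>>>>>> ref"
CONFLICT_RE = re.compile(r"^(<{7}( |$)|={7}\s*$|>{7}( |$))")
CHECKED_SUFFIXES = {".meta", ".conf"}


def check_app(app_dir):
    """Return a list of (relative_path, line_no, problem) findings.

    line_no is 0 for findings about the file as a whole.
    """
    root = Path(app_dir)
    findings = []
    for path in sorted(root.rglob("*")):
        if not path.is_file():
            continue
        rel = path.relative_to(root).as_posix()
        if rel == "metadata/local.meta":
            findings.append((rel, 0, "local.meta shipped in package"))
        if path.suffix not in CHECKED_SUFFIXES:
            continue
        text = path.read_text(encoding="utf-8", errors="replace")
        for no, line in enumerate(text.splitlines(), start=1):
            if CONFLICT_RE.match(line):
                findings.append((rel, no, "git conflict marker: " + line.strip()))
    return findings


def build_sample_app(root):
    """Write a constructed sample app tree (not the real app's content)."""
    meta = Path(root) / "metadata"
    meta.mkdir(parents=True)
    (meta / "default.meta").write_text(
        "[]\naccess = read : [ * ], write : [ admin ]\nexport = system\n")
    (meta / "local.meta").write_text(
        "[views/overview]\n<<<<<<< HEAD\nowner = admin\n"
        "=======\nowner = nobody\n>>>>>>> branch\n")
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for rel, no, problem in check_app(build_sample_app(tmp)):
            print(f"{rel}:{no}: {problem}")
```

Run against the unpacked app directory before building the package, and fail the build when the returned list is not empty.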
1 Solution

aperez_splunk
Splunk Employee

Thanks for your kind words @guilmxm.

Please know that these issues (and others) are in the queue for correction in my repo when the next iteration is released.

Many thanks again.

0 Karma

aperez_splunk
Splunk Employee

Hi @guilmxm - app developer here.

Thanks for your note. Searching before posting would've turned this up as a known item.

Hopefully real-world usage of the app is useful for you despite these nuisance lines in splunkd.log.

Cheers.

0 Karma

guilmxm
SplunkTrust

Hello !

And it's because it is a very good application, and an amazing work you've done, and because it is useful to many that I wanted to post in case you wouldn't be aware of that 😉

Cheers,

0 Karma