Solved: Why am I getting an error about No spec file on th...

BrandonKeep · ‎05-09-2018

I downloaded the latest version of the Splunk addon for linux and when deploying, I see this error in the web UI "No spec file for: /opt/splunk/etc/master-apps/Splunk_TA_nix/default/eventgen.conf"

The app was deployed and exists on the indexers. Just curious why I am seeing this on a fresh install.

What can I do to resolve this?
Regards,
Brandon

xpac · ‎05-10-2018

As far as I see this - because the TA ships with a eventgen.conf (which it shouldn't), and to correctly interpret such a config, Splunk would need the eventgen.conf.spec from the eventgen TA. As you don't have that it installed, it complains because it can't verify that .conf file. You can safely ignore this (and better, remove that eventgen.conf from the app at all).

View solution in original post

xpac · ‎05-10-2018

As far as I see this - because the TA ships with a eventgen.conf (which it shouldn't), and to correctly interpret such a config, Splunk would need the eventgen.conf.spec from the eventgen TA. As you don't have that it installed, it complains because it can't verify that .conf file. You can safely ignore this (and better, remove that eventgen.conf from the app at all).

BrandonKeep · ‎05-10-2018

Thanks for the clear answer.

Why am I getting an error about No spec file on the deployment server when deploying Splunk_TA_nix?

Adoption of RUM and APM at Splunk

Routing logs with Splunk OTel Collector for Kubernetes

Welcome to the Splunk Community!