Solved: WARNING: Illegal entry in configuration file: SHOW...

jbsplunk · ‎05-29-2013

I recently installed the Splunk Add-on for Check Point OSPEC LEA application (2.0.2), and my logs are being indexed. However, I'm finding these errors in my splunkd logs. Ideas?

05-24-2013 09:07:21.906 -0700 ERROR ExecProcessor - message from "/opt/splunk/etc/apps/Splunk_TA_opseclea_linux22/bin/lea-loggrabber.sh --configentity SENTINEL-ONE_audit" WARNING: Illegal entry in configuration file: SHOW_FIELDNAMES="yes"

Chubbybunny · ‎05-29-2013

we've raised a product defect on this in 'OPSEC-109'

a quick easy fix to further prevent these errors:

/opt/splunk/etc/apps/Splunk_TA_opseclea_linux22/bin/w1-loggrabber.conf: comment out line

#SHOW_FIELDNAMES="yes"

That should take care of the errors until a fix is out.

(\__/)
(='.'=)
(")_(")

View solution in original post

Chubbybunny · ‎05-29-2013

we've raised a product defect on this in 'OPSEC-109'

a quick easy fix to further prevent these errors:

/opt/splunk/etc/apps/Splunk_TA_opseclea_linux22/bin/w1-loggrabber.conf: comment out line

#SHOW_FIELDNAMES="yes"

That should take care of the errors until a fix is out.

(\__/)
(='.'=)
(")_(")

roychen · ‎07-03-2013

Hi Chubbybunny, what does SHOW_FIELDNAMES do?

Also, will this product defect be resolved by Splunk in a future version of the add-on?

Chubbybunny · ‎05-29-2013

Sure, just be sure to comment the bunny out too!!!

jbsplunk · ‎05-29-2013

Do I need the bunny in the conf file too? 🙂

WARNING: Illegal entry in configuration file: SHOW_FIELDNAMES="yes" when using 2.0.2 of Check Point OSPEC LEA application?

New in Observability Cloud - Explicit Bucket Histograms

Updated Team Landing Page in Splunk Observability

New! Splunk Observability Search Enhancements for Splunk APM Services/Traces and ...