cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
rballan2
Loves-to-Learn Lots
Member since: ‎07-27-2019
‎03-28-2022
Community Statistics
Posts 14
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎07-27-2019
Activity Feed
View All

Experiencing error when upgrading SP from 8.0.1 to...

by in Splunk Enterprise
‎03-25-2022 11:15 AM
‎03-25-2022 11:15 AM
I am working to upgrade SPLUNK Version from 8.0.1 to 8.2.2.1 (Solaris 11.3 O.S.). After the upgrade I see the below output, which is fine. pkg info -l splunkforwarder Name: application/splunkforwarder Summary: Splunk Universal Forwarder Description: Splunk> The platform for machine data. Category: Applications/Internet State: Installed Publisher: splunk Version: 8.2.2.1 Build Release: 191762265523787 Branch: None Packaging Date: Wed Sep 15 09:07:09 2021 Last Install Time: Fri Mar 25 17:43:36 2022 Size: 58.43 MB FMRI: pkg://splunk/application/splunkforwarder@8.2.2.1,191762265523787:20210915T090709Z when I try to start splunk I see the below error:  ./splunk start ld.so.1: splunk: fatal: relocation error: file splunk: symbol in6addr_any: referenced symbol not found Killed  Please any suggestion on this specific error ?  Thanks.  RB             ... View more

Re: Query information

by in Security
‎12-15-2021 03:53 AM
‎12-15-2021 03:53 AM
You are correct, I do not see it either. We are checking/verifying why we do not see any information that identifies which server (there are 2 UNIX server that are sending data to the Proxy server) is sending the syslog file to the proxy server. I will update the "query"/messages  as soon as I have the information. Thanks. ... View more

Re: Query information

by in Security
‎12-15-2021 02:42 AM
‎12-15-2021 02:42 AM
Below is an example of Event when I run the query:  index=nix* Proxyservername* Source is /var/adm/messages and /var/log/secure (UNIX LOGS). Selected fields are: host index process source sourcetype tag ******************************************** 12/13/21 6:15:01.000 AM Column icon Dec 13 01:15:01 PROXYserver CROND[15913]: (flaradm) CMD (cd /vol00/ServerMgmt/Deploy_script/CURRENT/utils/UvScan_DATs/ ; scp *.dat root@PROXYservr:/usr/local/uvscan/ ) host = Proxyserver index = nixlogsec process = CROND source = /var/log/messages sourcetype = syslog › 12/13/21 6:15:01.000 AM Column icon Dec 13 01:15:01 PROXYserver CROND[15913]: (flaradm) CMD (cd /vol00/ServerMgmt/Deploy_script/CURRENT/utils/UvScan_DATs/ ; scp *.dat root@PROXYservr:/usr/local/uvscan/ ) host = Proxyserver index = nixlogsec process = CROND source = /var/log/secure sourcetype = linux_secure tag = os tag = unix › 12/12/21 1:31:33.000 PM Column icon Dec 12 08:31:33 PROXYserver root: [ID 702911 local1.info] ITSEC : UVSCAN : [uvscan check failed] host = PROXYservr.lmtas.com index = nixlogsec process = root source = /var/adm/messages sourcetype = syslog tag = error › 12/10/21 9:44:31.000 PM Column icon Dec 10 16:44:31 PROXYserver scsi: [ID 107833 kern.notice] ASC: 0x32 (no defect spare location available), ASCQ: 0x0, FRU: 0x9d host = PROXYservr.lmtas.com index = nixlogsec process = scsi source = /var/adm/messages sourcetype = syslog ... View more

Query information

by in Security
‎12-14-2021 03:13 PM
‎12-14-2021 03:13 PM
Hi, I have a UNIX server Solaris 8 that ac/behave like a Splunk Proxy server for 2 other UNIX servers Solaris 8. In other words the 2 Solaris servers send the syslog file to the UNIX Solaris Proxy server. I am trying to create a query that will shows the events coming from the 2 UNIX Solaris 8 servers. I run the below query for example: index=nix* serverproxy* | eval Status=if(like(source, "%FirstUNIXSolaris8%"), 1, 0) I am not getting any event that will show the FirstUNIX Solaris8 name/hostname. Please any suggestion how to create the specific query ? Thanks, Regards. Roberto     ... View more
Labels

Re: Splunk Universal Forwarder 7.3.4 (build 13e970...

by in Installation
‎05-07-2021 05:42 AM
‎05-07-2021 05:42 AM
Ok. Thanks for the follow-up/information. I have created the file user-seed.conf file in $SPLUNK_HOME/etc/system/local as  pre installation instruction. The user-seed.conf file is only used the first time the Splunk UF starts, and is automatically deleted. (from what I read in the installation instruction) In my case every time I run for example splunk list monitor or splunk list guid I still see: Your session is invalid. Please login. Splunk username: If I  type admin as login and the admin passwd I am getting the GUID info however in other servers/in other installation that I did in the past I did not have this issue. I am trying to see why in this specific case I ha/opt/splunkforwarder/etcve this problem. I tried to remove the file:  /opt/splunkforwarder/etc/passwd and I restarted splunkd process but still is  asking me the same "credential message". Please any suggestion will be great. Thanks.   ... View more

Splunk Universal Forwarder 7.3.4 (build 13e97039fb...

by in Installation
‎05-07-2021 04:28 AM
‎05-07-2021 04:28 AM
I have installed SUF 7.3.4 on UNIX(Solaris 10) Server and when I run splunk list guid or splunk list monitor I am getting "Splunk username". I have a user "splunkma" configured that I use to stop / start splunkd process. Please advice. Thanks. RB   ... View more
Labels

Re: How to resolve "err=not_connected" error in De...

by in Getting Data In
‎03-06-2021 04:29 AM
‎03-06-2021 04:29 AM
I have the same error in the splunkd.log file. The ssh -v DS-IPaddress whos Connection established. Any other suggestion how to further troubleshooting the issue ? ... View more

Re: SPLUNKFORWARDER error

by in Getting Data In
‎03-05-2021 01:25 PM
‎03-05-2021 01:25 PM
 Another issue is: when I run: /opt/splunkforwarder/bin/splunk list guid or list monitor command I do not get any answer back. ... View more

Re: SPLUNKFORWARDER error

by in Getting Data In
‎03-05-2021 01:22 PM
‎03-05-2021 01:22 PM
I have un-install and re-install Splunkforwarder version 8.0.1 on the Solaris 11.3 server. It did not help so far regarding the error. ... View more

Re: SPLUNKFORWARDER error

by in Getting Data In
‎03-05-2021 01:20 PM
‎03-05-2021 01:20 PM
The connection between the server (running the Splunkforwarder version 8.0.1) and the DS is working from what I see so far. ... View more

SPLUNKFORWARDER error

by in Getting Data In
‎03-05-2021 01:07 PM
‎03-05-2021 01:07 PM
I am getting the below error, looking the splunkd.log file. DC:DeploymentClient - channel=tenantService/handshake Will retry sending handshake message to DS; err=not_connected Please any suggestion ?     ... View more
Labels

uninstall SUF on Solaris 11.3 LOCAL ZONE

by in Installation
‎03-04-2021 06:46 PM
‎03-04-2021 06:46 PM
HiI need to uninstall the package: application/splunkforwarder from a  LOCAL WHOLE ROOT ZONE Solaris 11.3 O.S. The WHOLE ROOT ZONE is running on a  Global zone Solaris 11.3 (which is the Container/physical server). Please let me know if you have any suggestion. Thanks. Roberto ... View more
Labels

REMOVE SPLUNK PACKAGE in Solaris 11.3 SPARC server

by in Installation
‎07-30-2019 04:59 AM
‎07-30-2019 04:59 AM
I need to remove the splunk pkg version currently running on a server Solaris 11.3 SPARC, when I run the pkg uninstall command in dry mode I see that it will be removing 2 pkgs shell/ksh and splunkforwarder, I am not sure why it will remove shell/ksh since I have asked only to remove the splunkforwarder pkg. Any suggestion will be great. Thanks. server1# pkg uninstall -nv application/splunkforwarder --> dry run Packages to remove: 2 Estimated space available: 330.61 GB Estimated space to be consumed: 197.91 MB Create boot environment: No Create backup boot environment: No Rebuild boot archive: No Changed packages: solaris shell/ksh 20110208,5.11-0.175.1.0.0.21.0:20120723T173801Z -> None splunk application/splunkforwarder 7.0.2,4104575081487:20180125T230423Z -> None ... View more

Issue when I start splunk on Solaris 11.3 SPARC Pl...

by in Installation
‎07-27-2019 04:02 PM
‎07-27-2019 04:02 PM
Solaris SPARC O.S. version 11.3 I have installed splunk version 7.0.2, when I start splunk I am getting the below error. Any suggestion will be great. Thanks. server1:/etc/rc3.d# pkg info splunkforwarder Name: application/splunkforwarder Summary: Splunk Universal Forwarder Description: Splunk> The platform for machine data. Category: Applications/Internet State: Installed Publisher: splunk Version: 7.0.2 Build Release: 4104575081487 Branch: None Packaging Date: Thu Jan 25 23:04:23 2018 Last Install Time: Wed Jul 24 13:27:31 2019 Size: 57.81 MB FMRI: pkg://splunk/application/splunkforwarder@7.0.2,4104575081487:20180125T230423Z /etc/rc3.d/S80splunk -> ../init.d/splunk ./S80splunk start Starting Splunk... ld.so.1: splunkd: fatal: relocation error: file /opt/splunkforwarder/bin/splunkd: symbol __clz_tab: referenced symbol not found ld.so.1: splunkd: fatal: relocation error: file /opt/splunkforwarder/bin/splunkd: symbol __clz_tab: referenced symbol not found ld.so.1: splunkd: fatal: relocation error: file /opt/splunkforwarder/bin/splunkd: symbol __clz_tab: referenced symbol not found Did not find "disabled" setting of "kvstore" stanza in server bundle. Splunk> Another one. Checking prerequisites... ld.so.1: splunkd: fatal: relocation error: file /opt/splunkforwarder/bin/splunkd: symbol __clz_tab: referenced symbol not found Checking mgmt port [8089]: ld.so.1: splunkd: fatal: relocation error: file /opt/splunkforwarder/bin/splunkd: symbol __clz_tab: referenced symbol not found open Checking kvstore port [8191]: ld.so.1: splunkd: fatal: relocation error: file /opt/splunkforwarder/bin/splunkd: symbol __clz_tab: referenced symbol not found open ld.so.1: splunkd: fatal: relocation error: file /opt/splunkforwarder/bin/splunkd: symbol __clz_tab: referenced symbol not found ld.so.1: splunkd: fatal: relocation error: file /opt/splunkforwarder/bin/splunkd: symbol __clz_tab: referenced symbol not found ERROR: pid 25909 terminated with signal 9 SSL certificate generation failed. ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎03-28-2022 03:58 PM