Brand new servers. Not receiving all data from the UF. Confirmed connectivity. Confirmed inputs via "/opt/splunkforwarder/bin/splunk btool inputs list | grep bc_ | grep "\["". Only getting 2 sourcetypes when there should be at least 16 for the index. Getting this error message: Invalid key in stanza [webhook] in /opt/splunkforwarder/etc/system/default/alert_actions.conf, line 229: enable_allowlist (value: false). Getting this when starting splunkd:
Splunk> Take the sh out of IT.
Checking prerequisites...
    Management port has been set disabled; cli support for this configuration is currently incomplete.
    Checking conf files for problems...
        Invalid key in stanza [webhook] in /opt/splunkforwarder/etc/system/default/alert_actions.conf, line 229: enable_allowlist (value: false).
        Your indexes and inputs configurations are not internally consistent. For more information, run 'splunk btool check --debug'
    Done
    Checking default conf files for edits...
    Validating installed files against hashes from '/opt/splunkforwarder/splunkforwarder-9.0.3-dd0128b1f8cd-linux-2.6-x86_64-manifest'
    All installed files intact.
    Done
All preliminary checks passed.
Starting splunk server daemon (splunkd)... Done