Hi All,
I've installed the Splunk Add-on for Unix and Linux in both Splunk Enterprise as well as my forwarder which is running 9.3.2 However I keep running into this error below:
12-19-2024 15:54:30.303 +0000 ERROR ExecProcessor [1376795 ExecProcessor] - message from "/opt/splunkforwarder/etc/apps/Splunk_TA_nix/bin/vmstat_metric.sh" /opt/splunkforwarder/etc/apps/Splunk_TA_nix/bin/hardware.sh: line 62: /opt/splunkforwarder/var/run/splunk/tmp/unix_hardware_error_tmpfile: No such file or directory
The above is coming from the splunkd.log after I have stopped and restarted the SplunkForwarder.service. I am very new to Splunk and do not posses any certifications. My company has tasked me with learning and configuring Splunk and I am enjoying it except I am unable to get this data sent to my indexer so that I can see the data in Search and Reporting.
These are the steps taken so far:
- Installed Splunk Add-on for Unix and Linux on my enterprise UI machine
- installed Splunk Add-on for Unix and Linux on my unvf
- As the local directory was not created at "/opt/splunkforwarder/etc/apps/Splunk_TA_nix/" I created it and copied the inputs.conf from default to local and then allowed the scripts I wanted.
- Made sure the Splunk user was owner and had the privileges needed to the local directory
- stopped the splunk service and restarted it.
- Ran - cat /opt/splunkforwarder/var/log/splunk/splunkd.log | grep ERROR
- Almost every Error is "unix_hardware_error_tmpfile: No such file or directory"
- if I create the tmpfile it disappears and is not recreated
I'm sure there are many other things I didnt mention because I honestly dont remember because I have been trying to figure this issue out since yesterday and am not getting anywhere.
PLEASE HELP!
