Splunk App for Stream: streamfwd command not found error[SOLVED]

Path Finder

I am trying to run Stream against pcap data. I am having trouble executing the streamfwd command. I am in $SPLUNKHOME/etc/apps/SplunkTAstream/linux86_64/bin

I run:
>>#streamfwd -r /data.cap

>>streamfwd: command not found

What do you think is causing this error? I have confirmed the following:

  • I ran the file command on streamfwd and the output is: setuid ELF 64 bit executable

  • The [streamfwd://streamfwd] stanza contains the correct location (URI) of your splunkappstream installation

  • setuid.sh is running as root

Any troubleshooting suggestions would be greatly appreciated. Another way of solving my problem of trying to index pcaps with Stream is to run tcpreplay on a specific interface and have the streamfwd listening on the specific interface. This technique should work as well if all else fails, correct?

UPDATE: ./streamfwd

0 Karma

Re: Splunk App for Stream: streamfwd command not found error[SOLVED]

Splunk Employee

You likely do not have the current working directory in your PATH. Try ./streamfwd -r /data.cap

0 Karma

Re: Splunk App for Stream: streamfwd command not found error[SOLVED]

Path Finder

It is the correct path. Though I tried that and still get the same error. If it was a working directory error, wouldn't the streamfwd command be recognized, and I would receive a directory path not found error?

Could it actually be the command itself?

0 Karma

Re: Splunk App for Stream: streamfwd command not found error[SOLVED]

Splunk Employee

Hmm.. does the streamfwd file have executable permissions set? chmod a+x streamfwd

0 Karma

Re: Splunk App for Stream: streamfwd command not found error[SOLVED]

Path Finder

No change. And I also tried chmod 755 streamfwd

I tried to move my data.cap into the ../bin directory with streamfwd. It disappeared. Also, I tried to cat streamfwd; it doesn't even recognize streamfwd is there (though I see it in the directory).
The file permissions for bin are the following:
-rwxr-xr-x

I am wondering, could you run streamfwd? I have reinstalled the app twice ... I might need to reinstall Splunk??

0 Karma

Re: Splunk App for Stream: streamfwd command not found error[SOLVED]

Splunk Employee

Honestly, it sounds like you may need to reinstall your OS. Disappearing files and such means something is seriously corrupted.

0 Karma

Re: Splunk App for Stream: streamfwd command not found error[SOLVED]

Path Finder

./streamfwd That was my problem.

Thank you for trying to help!!!

0 Karma
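
The three causes this thread works through (current directory not in PATH, missing execute bit, file not actually present) can be told apart with one check. The following is an added example, not part of the original thread and not a Splunk tool: diagnose_cmd is a hypothetical helper, and the streamfwd file it tests is a constructed stand-in script.

```shell
#!/bin/sh
# diagnose_cmd NAME [DIR]: hypothetical helper (not a Splunk tool). Prints why
# typing bare NAME from DIR (default: current directory) would or would not run.
diagnose_cmd() {
    name=$1
    dir=$(cd "${2:-.}" 2>/dev/null && pwd -P) || { echo "no-such-dir"; return 0; }

    # A bare command name is resolved only through the PATH entries; the
    # current directory is searched only if PATH lists it ("." or an empty entry).
    rest=$PATH:
    while [ -n "$rest" ]; do
        entry=${rest%%:*}
        rest=${rest#*:}
        case $entry in
            /*) candidate=$entry/$name ;;
            *)  candidate=$dir/${entry:-.}/$name ;;   # relative or empty entry
        esac
        if [ -f "$candidate" ] && [ -x "$candidate" ]; then
            echo "in-path:$candidate"
            return 0
        fi
    done

    # Not reachable through PATH: look at the file in DIR itself.
    target=$dir/$name
    if [ ! -e "$target" ]; then
        echo "missing"              # the file really is not there
    elif [ ! -x "$target" ]; then
        echo "not-executable"       # chmod a+x would be the fix
    else
        echo "needs-dot-slash"      # runs only as ./NAME
    fi
}

# Constructed demo: a stand-in script named streamfwd in a scratch directory.
demo_dir=$(mktemp -d)
printf '#!/bin/sh\nexit 0\n' > "$demo_dir/streamfwd"
chmod 644 "$demo_dir/streamfwd"
diagnose_cmd streamfwd "$demo_dir"
chmod 755 "$demo_dir/streamfwd"
diagnose_cmd streamfwd "$demo_dir"
rm -rf "$demo_dir"
```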