Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
All Apps and Add-ons
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Find Answers
- :
- Apps & Add-ons
- :
- All Apps and Add-ons
- :
- Splunk App for Unix and Linux: How to check splunk...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Splunk App for Unix and Linux: How to check splunkd.log why I can't I add a forwarder client in splunk GUI after installing a forwarder?
gsrikanth87
Path Finder
01-27-2015
11:27 AM
logfiles: splunkd.log
forwarder side:
01-27-2015 14:12:44.726 -0500 ERROR ArchiveContext - archive writer failure: errno=Broken pipe
01-27-2015 14:12:44.726 -0500 ERROR ArchiveContext - From archive='/opt/splunkforwarder/etc/apps/TA-nmon/var/nmon_repository/bhcx27_150127_1357.nmon': python: A file or directory in the path name does not exist.
central splunk:
01-27-2015 14:14:32.170 -0500 ERROR ExecProcessor - message from "/opt/splunk/etc/apps/nmon/bin/nmon_helper.sh" which: no nmon in (/opt/splunk/bin:/usr/lib64/qt-3.3/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin)
qt-3.3/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin)
01-27-2015 13:33:32.883 -0500 ERROR HttpListener - Exception while processing request from 10.9.85.4 for /en-US/module/system/Splunk.Module.UnixBubbleGrid/render?sid=1422383610.272&client_app=splunk_app_for_nix: Connection closed by peer
01-27-2015 13:26:49.420 -0500 ERROR HttpListener - Handler for /en-US/module/system/Splunk.Module.UnixResultsTable/render?count=20&offset=0&sid=1422383204.177&client_app=splunk_app_for_nix sent a 0 byte response after earlier claiming a Content-Length of 333!
01-27-2015 13:26:50.978 -0500 ERROR HttpListener - Exception while processing request from 10.9.85.4 for /en-US/module/system/Splunk.Module.UnixResultsTable/render?count=20&offset=0&sid=1422383205.185&client_app=splunk_app_for_nix: Connection closed by peer
01-27-2015 13:26:50.978 -0500 ERROR HttpListener - Handler for /en-US/module/system/Splunk.Module.UnixResultsTable/render?count=20&offset=0&sid=1422383205.185&client_app=splunk_app_for_nix sent a 0 byte response after earlier claiming a Content-Length of 467!
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
gjanders
SplunkTrust
07-21-2016
08:22 PM
I assume you solved:
01-27-2015 14:12:44.726 -0500 ERROR ArchiveContext - From archive='/opt/splunkforwarder/etc/apps/TA-nmon/var/nmon_repository/bhcx27_150127_1357.nmon': python: A file or directory in the path name does not exist.
But for anyone else who hits the issue, this will happen if python is not installed (as is typical on AIX servers), the props.conf of the nmon application can be overridden to use the perl interpreter:
[source::.../*.nmon]
unarchive_cmd = $SPLUNK_HOME/etc/apps/TA-nmon/bin/nmon2csv.pl
# To manage repositories archives of cold nmon files (add you own for other compressed formats)
[source::.../*.nmon.gz]
unarchive_cmd = gunzip | $SPLUNK_HOME/etc/apps/nmon/bin/nmon2csv.pl
The above normally defaults to python.
The official documentation for the nmon app is here:
http://nmonsplunk.wikidot.com/
The application itself lives here:
https://splunkbase.splunk.com/app/1753
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
dflodstrom
Builder
01-27-2015
12:18 PM
To add a forwarder the forwarder manager you must specify the deployment server by executing:
splunk set deploy-poll <IP_address/hostname>:<management_port>
splunk restart
http://docs.splunk.com/Documentation/Splunk/6.2.1/Updating/Configuredeploymentclients
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
gsrikanth87
Path Finder
01-27-2015
12:29 PM
I have already done these steps. but I cannot see forwarder client in splunk web
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
malmoore
Splunk Employee
02-02-2015
06:20 PM
Is nmon on your system?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
gsrikanth87
Path Finder
02-03-2015
06:10 AM
yes, I have nmon in my server.
Get Updates on the Splunk Community!
.conf25 Registration is OPEN!
Ready. Set. Splunk!
Your favorite Splunk user event is back and better than ever. Get ready for more technical ...
Detecting Cross-Channel Fraud with Splunk
This article is the final installment in our three-part series exploring fraud detection techniques using ...
Splunk at Cisco Live 2025: Learning, Innovation, and a Little Bit of Mr. Brightside
Pack your bags (and maybe your dancing shoes)—Cisco Live is heading to San Diego, June 8–12, 2025, and Splunk ...
