All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Splunk App for Windows Infrastructure: Created "sendtoindexer" app per documentation, but why is outputs.conf not on the deployment client?

gstefancyk
Path Finder
‎11-30-2016 12:57 PM

I have created a "sendtoindexer" app following Splunk App for Windows Infrastructure 1.4 documentation and I cannot seem to get the outputs.conf file to push down to the deployment client. The app is showing as installed from the deployment server but I do not see any outputs.conf file on the deployment client. The rest of the folders and files of the app exist on the client but no outputs.conf.

I have restarted Splunk services on the deployment client, reloaded the deployment server, and restarted Splunk on the deployment server but outputs.conf will not push down to the deployment client.

Thanks in advance.

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

gstefancyk
Path Finder
‎11-30-2016 01:20 PM

Looking in splunkd logs I have found my issue but I am not sure why I am running into these permissions issues..

11-30-2016 16:11:03.548 -0500 ERROR Archiver - Failed to open file="C:\Program Files\Splunk\etc\deployment-apps\sendtoindexer\local\outputs.conf": Access is denied.

I have fixed this issue by adding SYSTEM to have full control of the file, but moving forward how do I prevent this when creating additional files?

View solution in original post

0 Karma
Reply
Solved! Jump to solution

Heff
Splunk Employee
Splunk Employee
‎11-30-2016 02:21 PM

What use is Splunk running as? Local System?

0 Karma
Reply
Solved! Jump to solution

gstefancyk
Path Finder
‎12-02-2016 04:35 AM

Splunk is running as local system.

0 Karma
Reply
Solved! Jump to solution
Solution

gstefancyk
Path Finder
‎11-30-2016 01:20 PM

Looking in splunkd logs I have found my issue but I am not sure why I am running into these permissions issues..

11-30-2016 16:11:03.548 -0500 ERROR Archiver - Failed to open file="C:\Program Files\Splunk\etc\deployment-apps\sendtoindexer\local\outputs.conf": Access is denied.

I have fixed this issue by adding SYSTEM to have full control of the file, but moving forward how do I prevent this when creating additional files?

0 Karma
Reply
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...