All Apps and Add-ons
Highlighted

Splunk App for Windows Infrastructure: Created "sendtoindexer" app per documentation, but why is outputs.conf not on the deployment client?

Path Finder

I have created a "sendtoindexer" app following Splunk App for Windows Infrastructure 1.4 documentation and I cannot seem to get the outputs.conf file to push down to the deployment client. The app is showing as installed from the deployment server but I do not see any outputs.conf file on the deployment client. The rest of the folders and files of the app exist on the client but no outputs.conf.

I have restarted Splunk services on the deployment client, reloaded the deployment server, and restarted Splunk on the deployment server but outputs.conf will not push down to the deployment client.

Thanks in advance.

0 Karma
Highlighted

Re: Splunk App for Windows Infrastructure: Created "sendtoindexer" app per documentation, but why is outputs.conf not on the deployment client?

Path Finder

Looking in splunkd logs I have found my issue but I am not sure why I am running into these permissions issues..

11-30-2016 16:11:03.548 -0500 ERROR Archiver - Failed to open file="C:\Program Files\Splunk\etc\deployment-apps\sendtoindexer\local\outputs.conf": Access is denied.

I have fixed this issue by adding SYSTEM to have full control of the file, but moving forward how do I prevent this when creating additional files?

View solution in original post

0 Karma
Highlighted

Re: Splunk App for Windows Infrastructure: Created "sendtoindexer" app per documentation, but why is outputs.conf not on the deployment client?

Splunk Employee
Splunk Employee

What use is Splunk running as? Local System?

0 Karma
Highlighted

Re: Splunk App for Windows Infrastructure: Created "sendtoindexer" app per documentation, but why is outputs.conf not on the deployment client?

Path Finder

Splunk is running as local system.

0 Karma