All Apps and Add-ons
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Splunk_TA_nix cannot open scripts

sjcoluccio67
Explorer
‎07-03-2018 08:26 AM

Hey Everyone,

I installed Splunk_TA_nix on my Ubuntu 16.04.2 server. After enabling some scripts and not seeing any data beng monitored, I checked splunkd.log and I see the following error:

07-03-2018 16:13:04.110 +0100 ERROR ExecProcessor - message from "/opt/splunkforwarder/etc/apps/Splunk_TA_nix/bin/cpu.sh" /bin/sh: 0: Can't open

For some reason the UF cannot of the .sh script files. As shown below, Splunk is the owner of those files and it has execute permissions:

-rwxrwxr-x 1 splunk splunk 3447 Jul 3 15:21 bandwidth.sh*
-rwxrwxr-x 1 splunk splunk 3997 Jul 3 15:21 common.sh*
-rwxrwxr-x 1 splunk splunk 3997 Jul 3 15:21 common.sh*

Does anyone know what is wrong here?

Reply

sloshburch
Ultra Champion
‎01-07-2019 11:00 AM

This symptom also occurs if Windows line endings got in the way. If you are able to vi the files, you may see some Windows interference on the line endings.

In that case, you can either:

  1. Redeploy the app by downloading again from Splunkbase.
  2. Convert the file's line endings with something like perl -pi -e 's/\r\n/\n/g' filename

Although this could be a larger issue if your deployment server is a Windows machine. In that case, you may have line ending issues more pervasive than those scripts.

0 Karma
Reply

sloshburch
Ultra Champion
‎01-16-2019 12:22 PM

I've built upon this topic with the What are best practices for deploying the Splunk Add-on for Unix and Linux in a distributed environm...

0 Karma
Reply

sloshburch
Ultra Champion
‎01-04-2019 08:43 AM

What user is Splunk running as? It could be accidentally not running as 'splunk', the owner of those scripts.

0 Karma
Reply

sloshburch
Ultra Champion
‎01-03-2019 02:32 PM

Ya, the issue is actually the commands those scripts run. If you run the script manually you'll be able to replicate it. The unix commands those scripts depend on need you to hook them up with the read/execute permissions.

0 Karma
Reply
Get Updates on the Splunk Community!

Index This | What is broken 80% of the time by February?

December 2025 Edition   Hayyy Splunk Education Enthusiasts and the Eternally Curious!    We’re back with this ...

Unlock Faster Time-to-Value on Edge and Ingest Processor with New SPL2 Pipeline ...

Hello Splunk Community,   We're thrilled to share an exciting update that will help you manage your data more ...

Splunk MCP & Agentic AI: Machine Data Without Limits

Discover how the Splunk Model Context Protocol (MCP) Server can revolutionize the way your organization uses ...