All Apps and Add-ons

Splunk_TA_nix cannot open scripts

sjcoluccio67
Explorer

Hey Everyone,

I installed Splunk_TA_nix on my Ubuntu 16.04.2 server. After enabling some scripts and not seeing any data beng monitored, I checked splunkd.log and I see the following error:

07-03-2018 16:13:04.110 +0100 ERROR ExecProcessor - message from "/opt/splunkforwarder/etc/apps/Splunk_TA_nix/bin/cpu.sh" /bin/sh: 0: Can't open

For some reason the UF cannot of the .sh script files. As shown below, Splunk is the owner of those files and it has execute permissions:

-rwxrwxr-x 1 splunk splunk 3447 Jul 3 15:21 bandwidth.sh*
-rwxrwxr-x 1 splunk splunk 3997 Jul 3 15:21 common.sh*
-rwxrwxr-x 1 splunk splunk 3997 Jul 3 15:21 common.sh*

Does anyone know what is wrong here?

sloshburch
Splunk Employee
Splunk Employee

This symptom also occurs if Windows line endings got in the way. If you are able to vi the files, you may see some Windows interference on the line endings.

In that case, you can either:

  1. Redeploy the app by downloading again from Splunkbase.
  2. Convert the file's line endings with something like perl -pi -e 's/\r\n/\n/g' filename

Although this could be a larger issue if your deployment server is a Windows machine. In that case, you may have line ending issues more pervasive than those scripts.

0 Karma

sloshburch
Splunk Employee
Splunk Employee
0 Karma

sloshburch
Splunk Employee
Splunk Employee

What user is Splunk running as? It could be accidentally not running as 'splunk', the owner of those scripts.

0 Karma

sloshburch
Splunk Employee
Splunk Employee

Ya, the issue is actually the commands those scripts run. If you run the script manually you'll be able to replicate it. The unix commands those scripts depend on need you to hook them up with the read/execute permissions.

0 Karma
Get Updates on the Splunk Community!

.conf24 | Day 0

Hello Splunk Community! My name is Chris, and I'm based in Canberra, Australia's capital, and I travelled for ...

Enhance Security Visibility with Splunk Enterprise Security 7.1 through Threat ...

 (view in My Videos)Struggling with alert fatigue, lack of context, and prioritization around security ...

Troubleshooting the OpenTelemetry Collector

  In this tech talk, you’ll learn how to troubleshoot the OpenTelemetry collector - from checking the ...