All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Splunk_TA_nix cannot open scripts

sjcoluccio67
Explorer
‎07-03-2018 08:26 AM

Hey Everyone,

I installed Splunk_TA_nix on my Ubuntu 16.04.2 server. After enabling some scripts and not seeing any data beng monitored, I checked splunkd.log and I see the following error:

07-03-2018 16:13:04.110 +0100 ERROR ExecProcessor - message from "/opt/splunkforwarder/etc/apps/Splunk_TA_nix/bin/cpu.sh" /bin/sh: 0: Can't open

For some reason the UF cannot of the .sh script files. As shown below, Splunk is the owner of those files and it has execute permissions:

-rwxrwxr-x 1 splunk splunk 3447 Jul 3 15:21 bandwidth.sh*
-rwxrwxr-x 1 splunk splunk 3997 Jul 3 15:21 common.sh*
-rwxrwxr-x 1 splunk splunk 3997 Jul 3 15:21 common.sh*

Does anyone know what is wrong here?

Reply

sloshburch
Splunk Employee
Splunk Employee
‎01-07-2019 11:00 AM

This symptom also occurs if Windows line endings got in the way. If you are able to vi the files, you may see some Windows interference on the line endings.

In that case, you can either:

  1. Redeploy the app by downloading again from Splunkbase.
  2. Convert the file's line endings with something like perl -pi -e 's/\r\n/\n/g' filename

Although this could be a larger issue if your deployment server is a Windows machine. In that case, you may have line ending issues more pervasive than those scripts.

0 Karma
Reply

sloshburch
Splunk Employee
Splunk Employee
‎01-16-2019 12:22 PM

I've built upon this topic with the What are best practices for deploying the Splunk Add-on for Unix and Linux in a distributed environm...

0 Karma
Reply

sloshburch
Splunk Employee
Splunk Employee
‎01-04-2019 08:43 AM

What user is Splunk running as? It could be accidentally not running as 'splunk', the owner of those scripts.

0 Karma
Reply

sloshburch
Splunk Employee
Splunk Employee
‎01-03-2019 02:32 PM

Ya, the issue is actually the commands those scripts run. If you run the script manually you'll be able to replicate it. The unix commands those scripts depend on need you to hook them up with the read/execute permissions.

0 Karma
Reply
Get Updates on the Splunk Community!

Dashboard Studio Challenge - Learn New Tricks, Showcase Your Skills, and Win Prizes!

Reimagine what you can do with your dashboards. Dashboard Studio is Splunk’s newest dashboard builder to ...

Introducing Edge Processor: Next Gen Data Transformation

We get it - not only can it take a lot of time, money and resources to get data into Splunk, but it also takes ...

Take the 2021 Splunk Career Survey for $50 in Amazon Cash

Help us learn about how Splunk has impacted your career by taking the 2021 Splunk Career Survey. Last year’s ...