Seeing tons of these errors in splunkd logs of indexers. What could be the reason? We are also experiencing search performance issues. Not sure if it's aligned to the error message.
As I can only tell from your information, there must be some missing permissions. E.g. if Splunk tries to write in a file or directory, but does not have the permission to edit this file. Some more information would be helpful. Which user ist the owner of Splunkd process? Which user installed Splunk? What is the full Error message? I think there must be a whole Error message in the log, saying what file or path Splunk tried to edit.
Hi @jbrocks User which installed Splunk and owner of splunkd process are the same. I copied the whole error message. Unfortunately the error doesn't say which file it's trying to write to and failing. Is there any way we can find which file it is?
Wehre die you her tue error Message? Splunk process loggs to SPLUNK_HOME/var/log/splunk/splunkd.log this is the most common splunk log to look for errors. But also the other logs in that directory might be intresting.