Re: Gettin Error FileClassifierManager, TailReader...

thatiana_liz · ‎04-30-2020

Hello,

I am trying to upload a .csv file and I am getting three errors messagen in my internal logs

" -0400 ERROR TailReader - error from
read call from "WARN
FilesystemChangeWatcher - error
getting attributes of path
"D:\Dados\SKY\Compartilhado\TECNOL~1\MONITO~1\TransUnion2Splunk\O0055TRANSUNION_COLETAFINALDESEMANA_30042020.csv":
Access is denied."

" WARN FileClassifierManager - Unable
to open
'D:\Dados\SKY\Compartilhado\TECNOL~1\MONITO~1\TransUnion2Splunk\O0055TRANSUNION_COLETAFINALDESEMANA_TESTE.CSV'"

ERROR TailReader - error from read
call from
'D:\Dados\SKY\Compartilhado\TECNOL~1\MONITO~1\TransUnion2Splunk\O0055TRANSUNION_COLETAFINALDESEMANA_TESTE.CSV'.

And the the file is not uploading into Splunk.

I checked the permision, it's correct.
The SPLUNK UF it's executing System Account

Can you please help me figure out why I am getting this error and my file is not getting indexed?

My inputs.conf

[monitor://D:\Dados\SKY\Compartilhado\TECNOL~1\MONITO~1\TransUnion2Splunk\O0055TRANSUNION_COLETAFINALDESEMANA_*.CSV]
_TCP_ROUTING =  *
index=INDEX
source=INDEXXX:XXX
sourcetype=INDEXXX:XXX
disabled = 0
time_before_close = 60
multiline_event_extra_waittime = true
initCrcLength = 512

PavelP · ‎05-01-2020

Hello @thatiana_liz ,

please check this answer: https://answers.splunk.com/answers/147511/filesystemchangewatcher-error-getting-attributes-of-path.h...

you need not only read permissions for the CSV file, but also "list folder content" permissions for all folders.

Let me know if it worked

Gettin Error FileClassifierManager, TailReader, FilesystemChangeWatcher on SPLUNK Universal Forwarder

New in Observability - Improvements to Custom Metrics SLOs, Log Observer Connect & ...

Improve Data Pipelines Using Splunk Data Management

3-2-1 Go! How Fast Can You Debug Microservices with Observability Cloud?