Deployment Architecture

Mysterious Illogical Error - Trying to Forward - Parameter name: Path does not exist.

rogue_carrot
Communicator

Hello Team,

I am trying to do a simple thing. I am trying to forward a log file to my remote Splunk indexer. I am using the command : ./splunk add monitor /path/to/log/file/appname.log. I am able to tab complete all the way to the log file so I know the file is there on the disk. However Splunk still throws the "Parameter name: Path does not exist." error.

This command has worked in the past. However I have been receiving the below error, Figure 1, for the last four hours and counting.

Screenshot of the error actually occurring on my computer
Figure 1: Add Monitor Error

I saw someone had a similar question but I did not see any helpful answers. I think this must be a permissions issue. Splunk does not have the same privileges as the normal user of the operating system. Can anyone point me in right direction? Also, I noticed something else.

Figure 2 shows a screenshot of the different partitions of the operating system (OS). I am trying to forward the log file under the /app directory which is on /dev/mapper/VolGroup00-app_lv from where splunk is installed on the /opt directory which is on /dev/mapper/VolGroup00-root_lv. Do you all think the fact that these two folders are on different partitions has anything to do with the problem?

notice the different partitions
Figure 2: Different partitions of same drive

This error seems similar to this question: https://answers.splunk[dot]com/answers/29019/the-system-cannot-find-the-path-specified.html

Thank-you for reading this.

Regards,

rogue_carrot

Tags (1)
0 Karma

rogue_carrot
Communicator

The solution was to recursively change all the permissions for the group to read write execute. The command was something like chmod -R 775 /app

After this command was issued I was able to add the file to the monitor and forward the log to the remote indexer with the ./splunk add monitor <path to file> command. 🙂

0 Karma

renjith_nair
Legend

Hi @rogue_carrot ,

Try accessing the file as 'splunk' user and see if it works (both listing (ls) and reading (tail/head). Also we should check the parent directory permissions as well.

---
What goes around comes around. If it helps, hit it with Karma 🙂
0 Karma

MuS
Legend

Agreed to check and verify permissions along the path to reach the file, and even some sysadmins try to tell a different story - you need execute permission on a directory to be able to cd into it 😉

cheers, MuS

0 Karma

rogue_carrot
Communicator

Hello renjith.nair and MuS I am able to ls the directory with the log file I want to forward and I am able to use the tail command on the log file. I checked the permissions and I think the splunk user can both read and execute the directory where the log file is. Any other ideas?

Mus, you were saying the entire path needs to have the correct permissions? I have not checked every directory but I can cd (change directories) to the log file that I am trying to forward.

0 Karma

rogue_carrot
Communicator

I was not able to use the find command to find the log file which gave me a clue to the problem.

0 Karma
Get Updates on the Splunk Community!

Introduction to Splunk Observability Cloud - Building a Resilient Hybrid Cloud

Introduction to Splunk Observability Cloud - Building a Resilient Hybrid Cloud  In today’s fast-paced digital ...

Observability protocols to know about

Observability protocols define the specifications or formats for collecting, encoding, transporting, and ...

Take Your Breath Away with Splunk Risk-Based Alerting (RBA)

WATCH NOW!The Splunk Guide to Risk-Based Alerting is here to empower your SOC like never before. Join Haylee ...