Hello Team,
I am trying to do a simple thing. I am trying to forward a log file to my remote Splunk indexer. I am using the command: ./splunk add monitor /path/to/log/file/appname.log. I am able to tab complete all the way to the log file so I know the file is there on the disk. However Splunk still throws the "Parameter name: Path does not exist." error.
This command has worked in the past. However I have been receiving the below error, Figure 1, for the last four hours and counting.
Figure 1: Add Monitor Error
I saw someone had a similar question but I did not see any helpful answers. I think this must be a permissions issue. Splunk does not have the same privileges as the normal user of the operating system. Can anyone point me in the right direction? Also, I noticed something else.
Figure 2 shows a screenshot of the different partitions of the operating system (OS). I am trying to forward the log file under the /app directory which is on /dev/mapper/VolGroup00-app_lv from where splunk is installed on the /opt directory which is on /dev/mapper/VolGroup00-root_lv. Do you all think the fact that these two folders are on different partitions has anything to do with the problem?
Figure 2: Different partitions of same drive
This error seems similar to this question: https://answers.splunk[dot]com/answers/29019/the-system-cannot-find-the-path-specified.html
Thank you for reading this.
Regards,
rogue_carrot
The solution was to recursively change all the permissions for the group to read write execute. The command was something like chmod -R 775 /app
After this command was issued I was able to add the file to the monitor and forward the log to the remote indexer with the ./splunk add monitor <path to file> command. 🙂
Hi @rogue_carrot ,
Try accessing the file as the 'splunk' user and see if it works (both listing (ls) and reading (tail/head)). Also we should check the parent directory permissions as well.
Agreed to check and verify permissions along the path to reach the file, and even some sysadmins try to tell a different story - you need execute permission on a directory to be able to cd into it 😉
cheers, MuS
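The check suggested in the replies above (permissions on every directory along the path, not just on the file), as an added example that is not part of the original thread. The function names `can_access` and `first_blocked` and the sample path are hypothetical; it assumes GNU stat on Linux, looks only at classic owner/group/other mode bits (no ACLs), and should be run as root or as the owner of the path so that stat can see every level.

```shell
#!/bin/sh
# Added example: report the first path component that a given uid/gid set
# cannot pass: search (x) on each directory, read (r) on the final file.

# can_access PATH UID "GID GID ..." BIT     (BIT: 4 = read, 1 = search/execute)
# Body runs in a subshell, so its variables stay local.
can_access() (
    set -- "$1" "$2" "$3" "$4" $(stat -c '%a %u %g' -- "$1" 2>/dev/null)
    [ "$#" -eq 7 ] || exit 2              # stat failed: path missing or not visible
    perm=$((0$5))                         # %a is octal, e.g. 750 or 2775
    class=$((perm & 7))                   # default: the "other" bits
    for g in $3; do                       # a matching group selects the group bits
        [ "$g" = "$7" ] && class=$(( (perm >> 3) & 7 ))
    done
    [ "$2" = "$6" ] && class=$(( (perm >> 6) & 7 ))   # owner bits take precedence
    [ $((class & $4)) -ne 0 ]
)

# first_blocked FILE UID "GIDS" [START]
# Prints the first blocking component and returns 1; returns 0 if none blocks.
# START (optional) is a directory already known to be reachable.
first_blocked() (
    file=$1 uid=$2 gids=$3 cur=${4:-}
    rest=${file#"$cur"/}
    while [ -n "$rest" ]; do
        cur="$cur/${rest%%/*}"
        case $rest in */*) rest=${rest#*/} ;; *) rest= ;; esac
        if [ -d "$cur" ]; then bit=1 what="search (x)"; else bit=4 what="read (r)"; fi
        can_access "$cur" "$uid" "$gids" "$bit" || { echo "$cur: no $what"; exit 1; }
    done
)

# Stand-alone use, e.g. (hypothetical path):
#   sh check_path.sh /app/logs/appname.log "$(id -u splunk)" "$(id -G splunk)"
if [ "$#" -ge 3 ]; then first_blocked "$@"; fi
```

If the blocking component turns out to be a single directory, granting the splunk user's group search permission on that directory alone is a narrower change than a recursive mode change on the whole tree.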
Hello renjith.nair and MuS, I am able to ls the directory with the log file I want to forward and I am able to use the tail command on the log file. I checked the permissions and I think the splunk user can both read and execute the directory where the log file is. Any other ideas?
MuS, you were saying the entire path needs to have the correct permissions? I have not checked every directory but I can cd (change directories) to the log file that I am trying to forward.
I was not able to use the find command to find the log file which gave me a clue to the problem.