Deployment Architecture

Why the error PARAMETER NAME: PATH MUST BE A FILE OR DIRECTORY ERROR" when trying to monitor logs on a server?

woodlandrelic
Path Finder

HI

I am trying to monitor logs on a server. I have a UF in it and am trying to ./splunk add monitor.

When I put the path, index and so on. I keep getting this error " PARAMETER NAME: PATH MUST BE A FILE OR DIRECTORY" I have gone thru tons of questions on here but no one answer this particular question. 

Thanks for your help.

Labels (1)
Tags (2)
0 Karma
1 Solution

woodlandrelic
Path Finder

Hi @richgalloway 

So, what I did was as I went into

/opt/splunkforwarder/etc/apps/search/Splunk_TA/local

Then vi inputs.conf 

Created the monitor stanza saved and restart.

Voila and  my data is popping .

Thank you guys. Am finding way around splunk.

View solution in original post

richgalloway
SplunkTrust
SplunkTrust

Please tell us the exact CLI command you are using to add the monitor.  What platform is the UF on?  It may be necessary to put the file path in quotes.

---
If this reply helps you, Karma would be appreciated.
0 Karma

woodlandrelic
Path Finder

Hi @richgalloway 

The application is Linux. The app is StoneBranch 

The commands from  opt/splunkforwarder/bin

./splunk add monitor 

0 Karma

richgalloway
SplunkTrust
SplunkTrust

The add monitor command takes at least one argument so specifying just "splunk add monitor" is going to fail.  See splunk help add monitor

splunk add monitor -source /var/log -index os -sourcetype foo

 

---
If this reply helps you, Karma would be appreciated.
0 Karma

woodlandrelic
Path Finder

Hi @richgalloway 

So, what I did was as I went into

/opt/splunkforwarder/etc/apps/search/Splunk_TA/local

Then vi inputs.conf 

Created the monitor stanza saved and restart.

Voila and  my data is popping .

Thank you guys. Am finding way around splunk.

isoutamo
SplunkTrust
SplunkTrust

When you are adding a monitor you must add also path to file or to directory as a parameter to the splunk add monitor command. You should do like this

./splunk add monitor /opt/foo/bar/var/log/file.log

See more from https://docs.splunk.com/Documentation/Splunk/latest/Data/MonitorfilesanddirectoriesusingtheCLI

r. Ismo 

0 Karma

proft
New Member

That is understood, but the Splunk Universal Forwarder 'splunk' utility is buggy and sometimes will not accept even a fully-qualified filename path.  Today we deployed identical rules for identical files across 100 servers, and about 20 of them failed with this error for no apparent reason.

0 Karma
Get Updates on the Splunk Community!

Federated Search for Amazon S3 | Key Use Cases to Streamline Compliance Workflows

Modern business operations are supported by data compliance. As regulations evolve, organizations must ...

New Dates, New City: Save the Date for .conf25!

Wake up, babe! New .conf25 dates AND location just dropped!! That's right, this year, .conf25 is taking place ...

Introduction to Splunk Observability Cloud - Building a Resilient Hybrid Cloud

Introduction to Splunk Observability Cloud - Building a Resilient Hybrid Cloud  In today’s fast-paced digital ...