Solved: because of a symlink size of bundle file is 0 on s...

imrago · ‎12-22-2011

Hi,

I have a simple setup, one searchhead and one indexer. Starting from the latest upgrade to 4.2.4 the size of bundle file on the searchhead is always zero and it is not being replicated to the indexer.
How could I fix this or how could I find the cause of the problem?

imrago · ‎12-27-2011

I solved the problem by creating a blacklist for the directory containing the symlink, the following post helped me a lot:

http://splunk-base.splunk.com/answers/36774/distributed-search-knowledge-bundle-regex

View solution in original post

imrago · ‎12-27-2011

I solved the problem by creating a blacklist for the directory containing the symlink, the following post helped me a lot:

http://splunk-base.splunk.com/answers/36774/distributed-search-knowledge-bundle-regex

imrago · ‎12-23-2011

I found the cause of the problem : a symbolic link in the /opt/splunk/etc/apps/applicationname/appserver/static folder. It was working in earlier versions (4.2.2) . Could it be a bug?

because of a symlink size of bundle file is 0 on searchhead in /opt/splunk/var/run/

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

What’s New in Splunk Observability – September 2025

Fun with Regular Expression - multiples of nine

Are you a member of the Splunk Community?

because of a symlink size of bundle file is 0 on searchhead in /opt/splunk/var/run/

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

What’s New in Splunk Observability – September 2025

Fun with Regular Expression - multiples of nine