Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

After setting up a universal forwarder and receiver on Windows, why am I getting "Error in 'DispatchProcess': Failed to write the info file to C:\Program Files\Splunk\var\run\splunk\dispatch\[lots of letters and numbers]\info.csv"?

mr_dombat
Explorer
‎11-17-2015 07:39 AM

I've set up a universal forwarder on a remote webserver using local system account (Win2008R2 64bit).

I have enabled receiving on the receiver which is using a domain account (Win7 Pro 64bit). It asked to restart Splunk which I did.

The dashboard is now showing:

Error in 'DispatchProcess': Failed to write the info file to C:\Program Files\Splunk\var\run\splunk\dispatch\[lots of letters and numbers]\info.csv
0 Karma
Reply

nbjoshi_splunk
Splunk Employee
Splunk Employee
‎11-17-2015 02:53 PM

Are you sure you installed the Splunk Universal Forwarder and not a full Splunk installation? I would expect the directory to be C:\Program Files\SplunkUniversalForwarder....

In regards to your error, you might have some old erroneous results stored in the dispatch directory. You can manually clear out the "[lots of letters and numbers]" directory and restart Splunk and this should resolve the issue.

0 Karma
Reply

mr_dombat
Explorer
‎11-18-2015 02:15 AM

The error message was manifesting itself in the full splunk.

On the indexer/receiver I deleted the files as requested it made no difference.

I changed the two services to run as interactive desktop enabled LocalService and restarted splunk, same messages.

I checked permissions on the folder(s) and added my domain and localsevice both as Full control, restarted, same messages.

I uninstalled Splunk, cleaned the registry using CCLeaner, rebooted, reinstalled using Local account (default setting) and it seems OK now.

Not getting anything from my forwarders still but that is a different question.

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas     Cisco Live 2026 is almost here, and this ...

What Is the Name of the USB Key Inserted by Bob Smith? (BOTS Hint, Not the Answer)

Hello Splunkers,   So you searched, “what is the name of the usb key inserted by bob smith?”  Not gonna lie… ...

Automating Threat Operations and Threat Hunting with Recorded Future

    Automating Threat Operations and Threat Hunting with Recorded Future June 29, 2026 | Register   Is your ...