Hi Splunk Experts,
Last few days, I'm struggling to solve a new issue in Splunk DB Connect.
My Splunk indexer, searching,reporting, alert creation and Splunk DB Connect is in a single instance. I'm using Universal Forwarder.
Hardware Configurations : 12 cores CPU, OS : Windows (64 Bit).
Splunk Enterprise Version : 7.1.0 and Splunk DB Connect Version : 3.1.3(Get the update alert for Splunk DB Connect but didn't updated it yet)
Recently I'm facing an issue that my already configured inputs are working absolutely fine in Splunk DB Connect and whenever I'm trying to create a new input in Splunk DB Connect, it's not working anymore. I can get the alerts from "DB Connect Input Health Check" and getting an error message from Splunk/var/log/splunk/splunk_app_db_connect_server.log file
"** [QuartzScheduler_Worker-10] ERROR c.s.d.s.dbinput.task.DbInputCheckpointRepository - action=unable_to_save_checkpoint
java.io.FileNotFoundException: Splunk\var\lib\splunk\modinputs\server\splunk_app_db_connect\XXXXXXXXX(Store Number) (Access is denied)
**"
But with the same connection my created previous inputs are working properly. I don't know why I'm getting this issue.
Please help me on this matter and attached the proper link if you have.
Let me know, if anyone need any information on this topic.
Thanks,
@saibal6
Make sure the directory \var\lib\splunk\modinputs\server\splunk_app_db_connect is owned by Splunk and has the proper permissions. Splunk needs to write in there every time an input executes and runs against the database.
Make sure the directory \var\lib\splunk\modinputs\server\splunk_app_db_connect is owned by Splunk and has the proper permissions. Splunk needs to write in there every time an input executes and runs against the database.
Thank you for the above suggestion @tiagofbmm
Could you please tell me how can I make sure that the directory is owned by Splunk and has the proper permission? Is there any Splunk document you have?
Please share the link if you have find any Splunk document.
Thanks,
@saibal6
Access your instance ( expecting it to be a nix machine) and go check the directory owner, group and rwx permissions. Make sure splunk user is the owner and the owner has rwx on the directory and subcontents.
Thanks @tiagofbmm ,
Your above mentioned comments are very helpful for me. I fixed my issue as you said and it's working fine. By the way my Splunk environment is present in Windows OS.
Are you creating everything from the GUI? Becuase i get the same behavour when i do some CLI edits/creating on the inputs from CLI on the things i have done in the GUI.
Yes, I'm creating new inputs from GUI. But I didn't changes anything from CLI. Could you please tell me what will be the solution for this? @broberg
Thanks,
@saibal6