I get an error message "Path does not exist" when I try to add the apache2 logfile /var/log/apache2/access.log to the splunk inventory. I'm definitely on the right (local) machine. The file exists:
-rw-r----- 1 root adm 21729411 Okt 7 11:52 /var/log/apache2/access.log
The logfiles group is adm.
splunkd runs as user "splunker", this user is member of the group adm. When I login with the user splunker, I can manually read the logfile.
What could be the problem?
as I wrote before, the parents directory permission are important as well, read this http://unix.stackexchange.com/questions/13858/do-the-parent-directorys-permissions-matter-when-acces... to get more details.
When i tried "/var/log/apache*/access.log" I got a "success" message, the source was added, but do data was obtained.
But now I found out that i woks if i give the apache2 directory the "read" right for "others". I'm a little bit confused, because the "splunker" user can read the files even without that right.