How do I fix this error: Incorrect path to script - Script must be located inside $SPLUNK_HOME\bin\scripts?

st1
Explorer

The splunkd.log on a Windows host shows the following errors:

05-22-2023 15:31:34.452 -0400 ERROR FrameworkUtils [15508 ExecProcessor] - Incorrect path to script: \.\bin\rectify_hostname.sh. Script must be located inside $SPLUNK_HOME\bin\scripts.

05-22-2023 15:31:34.452 -0400 ERROR ExecProcessor [15508 ExecProcessor] - Ignoring: "\.\bin\rectify_hostname.sh"

How am I able to fix this? I cannot find the "\.\bin\rectify_hostname.sh" path on the host.

1 Solution

PickleRick
SplunkTrust

Ugh.

The idea of supplying an app with two different script versions - one for Windows and one for Unix - is in itself a good one. The bad thing about this particular app is that both versions are enabled by default. (I'm not very convinced about sending data to _internal this way, BTW; the normal thing would be to create a file in $SPLUNK_HOME/var/log/splunk and let the forwarder's default monitor input pick it up.)

How would I disable that input?

If you deploy this app to many hosts (both Unix and Windows), I'd create one app for Unix and one for Windows with just a definition of a disabled input. So one app with local/inputs.conf containing:

[script://./bin/rectify_hostname.sh]
disabled = 1

And one with

[script://.\bin\rectify_hostname_wrapper.cmd]
disabled = 1

Then you simply deploy one of them to Windows and one to unices.

But honestly, I find the whole app broken by design. It's trying to do a workaround over the problem which should be solved, not worked around.


richgalloway
SplunkTrust

The error message is not saying the script exists in the wrong place. It's saying a .conf file contains the invalid path given.

Search your Splunk configs for the file path in the message and correct it.

---
If this reply helps you, Karma would be appreciated.

st1
Explorer

I found the file path on my deployment server at /opt/splunk/etc/deployment-apps/rectify_hostname/default/inputs.conf

[script://./bin/rectify_hostname.sh]
disabled = False
index = _internal
interval = -1

[script://.\bin\rectify_hostname_wrapper.cmd]
disabled = False
index = _internal
interval = -1

/opt/splunk/etc/deployment-apps/rectify_hostname/bin/rectify_hostname.sh has this:

#!/bin/bash

# chmod a+x <this file> before deployment

# script fetches the hostname from the environment
# converts it to lowercase and truncates any FQDN
# inserts it into etc/system/local server.conf and inputs.conf if necessary
# restarts splunk
# tested on RHEL7 and Solaris11

# set localization from international (cuz old Gnu on Solaris)
LC_ALL="C"

if [ "$SPLUNK_HOME" = "" ]; then
    SPLUNK_HOME="/opt/splunkforwarder"
fi

...

/opt/splunk/etc/deployment-apps/rectify_hostname/bin/rectify_hostname_wrapper.cmd

REM store path of this bin folder
set "BINPATH=%~dp0"
REM set "SPLUNK_HOME=C:\Program Files\SplunkUniversalForwarder"

%SystemRoot%\system32\WindowsPowerShell\v1.0\Powershell -ExecutionPolicy ByPass -File "%BINPATH%rectify_hostname.ps1" -splunkHome "%SPLUNK_HOME%"

/opt/splunk/etc/deployment-apps/rectify_hostname/bin/rectify_hostname.ps1

# for Powershell 2 compatibility
param(
    [string]$splunkHome = $env:SPLUNK_HOME
)

if ( -not ($splunkHome) ) {
    $splunkHome = "$env:ProgramFiles\SplunkUniversalForwarder"
}

...

I'm not sure where to correct the file path. Would it be changing the line in inputs.conf from [script://./bin/rectify_hostname.sh] to [script://./bin/scripts/rectify_hostname.sh]?


isoutamo
SplunkTrust

It seems that you have one common app which contains both the Linux and Windows versions of that script. Basically this means that if you have only one version of it with configurations on the DS, and you deploy it to all your UFs (both Linux and Windows), and you have enabled both scripts, then it obviously fails. On Linux nodes the Windows version fails and on Windows nodes the Linux version fails (as your logs already said).

There are a couple of ways to fix it, based on its content (whether it has anything other than this one script). In short, you should have a separate input script enabled based on the UF's OS. If you have only Windows UFs then just set "disabled = True" for the rectify_hostname.sh script in inputs.conf.

But if you have both Linux and Windows where you are running this app, then probably the easiest way is just to copy this app to rectify_hostname_nix and rectify_hostname_win and then enable the Linux script on the 1st one and the Windows version on the 2nd one.
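
Added example (not part of any reply in this thread, and not code from Splunk or from the rectify_hostname app): a small Python check that applies an override layer to the app's inputs.conf and lists scripted inputs still enabled on a host OS that cannot run them, which is the condition behind the "Incorrect path to script" error. The function names, the extension heuristic, the set of "true" values and the simplified stanza merge are assumptions of this example; the inputs.conf text is the one quoted above, trimmed to the relevant keys.

```python
# default/inputs.conf of the rectify_hostname app, as quoted in the thread (trimmed)
APP_DEFAULT = r"""
[script://./bin/rectify_hostname.sh]
disabled = False

[script://.\bin\rectify_hostname_wrapper.cmd]
disabled = False
"""
# local/inputs.conf of a separate override app deployed to Windows hosts only
WINDOWS_OVERRIDE = "[script://./bin/rectify_hostname.sh]\ndisabled = 1\n"
TRUTHY = {"1", "true", "t", "yes", "y"}  # assumption: values read as "true" here

def parse_conf(text):
    """Parse .conf text into {stanza: {key: value}}."""
    conf, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = conf.setdefault(line[1:-1], {})
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return conf

def merge(*layers):
    """Simplified layering: later layers override earlier ones per stanza key."""
    merged = {}
    for layer in layers:
        for stanza, settings in layer.items():
            merged.setdefault(stanza, {}).update(settings)
    return merged

def platform_of(stanza):
    """Heuristic (assumption): guess the target OS from the script path."""
    path = stanza[len("script://"):].lower()
    if "\\" in path or path.endswith((".cmd", ".bat", ".ps1")):
        return "windows"
    return "nix" if path.endswith(".sh") else "any"

def mismatched_inputs(conf, host_os):
    """Enabled script:// stanzas that host_os ("windows" or "nix") cannot run."""
    return [s for s, kv in conf.items()
            if s.startswith("script://")
            and kv.get("disabled", "0").lower() not in TRUTHY
            and platform_of(s) not in (host_os, "any")]
```

With only the app's default layer, a Windows host is left with the .sh input enabled; adding the Windows-only override layer clears it.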

st1
Explorer

Thanks for the detailed response. It's very helpful.

So, for my clarification, I create two new deployment apps: rectify_hostname_nix and rectify_hostname_win.

Everything stays the same in these apps except for the inputs.conf file?

For the nix app, I would keep "disabled = False" and for the windows app, I would do "disabled = True"? I think I'm not sure if I have the right solution for Windows.


isoutamo
SplunkTrust

Also one note about this script. You said that you are running it on Windows, but the script name ends in .sh, which usually means that it is a shell (like bash) script, which is not compatible with Windows unless you have installed a Linux compatibility feature or other packages which add e.g. bash to your server.
r. Ismo