Join the Conversation
- Find Answers
- :
- Splunk Administration
- :
- Monitoring Splunk
- :
- How to properly setup splunkforwarder in CentOS 6....
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
I'm trying to setup splunkforwarder in a new Linux server (CentOS 6.8), but every time I try to run splunkd, I get the following error:
# /opt/splunkforwarder/bin/splunkd
Couldn't open log file configuration "/etc/log.cfg": No such file or directory
Error loading logging config file
The problem is, the "log.cfg" file is currently contained within the path "/opt/splunkforwarder/etc/log.cfg" and I couldn't find a way to fix splunkd in order to make it look within "/opt/splunkforwarder/etc/" instead of "/etc/".
Any advice? I couldn't find the documentation to do it properly. Please let me know if there is a proper standard way to fix it, I don't want to reinvent the wheel.
Thanks in advance. 🙂
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Use the same commands to start, stop or restart Splunk - regardless of whether it is a forwarder, an indexer or any other kind of Splunk instance:
/opt/splunkforwarder/bin/splunk start
/opt/splunkforwarder/bin/splunk stop
/opt/splunkforwarder/bin/splunk restart
Also, be sure that you are using the right user account to start Splunk. For example, if you created a user account named "splunkIT" to run the forwarder, be sure that you use that account to run the start command. And all the files in the /opt/splunkforwarder directory (and subdirectories) must be owned by "splunkIT" - or whatever account that you used.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Use the same commands to start, stop or restart Splunk - regardless of whether it is a forwarder, an indexer or any other kind of Splunk instance:
/opt/splunkforwarder/bin/splunk start
/opt/splunkforwarder/bin/splunk stop
/opt/splunkforwarder/bin/splunk restart
Also, be sure that you are using the right user account to start Splunk. For example, if you created a user account named "splunkIT" to run the forwarder, be sure that you use that account to run the start command. And all the files in the /opt/splunkforwarder directory (and subdirectories) must be owned by "splunkIT" - or whatever account that you used.
Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!
Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.
[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions
Splunk Community Badges!
[Puzzles] Solve, Learn, Repeat: Matching cron expressions
