Hi,
I'm trying to set up splunkforwarder on a new Linux server (CentOS 6.8), but every time I try to run splunkd, I get the following error:
# /opt/splunkforwarder/bin/splunkd
Couldn't open log file configuration "/etc/log.cfg": No such file or directory
Error loading logging config file
The problem is, the "log.cfg" file is currently contained within the path "/opt/splunkforwarder/etc/log.cfg" and I couldn't find a way to fix splunkd in order to make it look within "/opt/splunkforwarder/etc/" instead of "/etc/".
Any advice? I couldn't find the documentation to do it properly. Please let me know if there is a proper standard way to fix it, I don't want to reinvent the wheel.
Thanks in advance. 🙂

Use the same commands to start, stop or restart Splunk - regardless of whether it is a forwarder, an indexer or any other kind of Splunk instance:
/opt/splunkforwarder/bin/splunk start
/opt/splunkforwarder/bin/splunk stop
/opt/splunkforwarder/bin/splunk restart
Also, be sure that you are using the right user account to start Splunk. For example, if you created a user account named "splunkIT" to run the forwarder, be sure that you use that account to run the start command. And all the files in the /opt/splunkforwarder directory (and subdirectories) must be owned by "splunkIT" - or whatever account that you used.
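
A pre-start check for the two conditions the answer above names (start as the forwarder's account, and the whole install tree owned by that account), as an added example that is not part of the original answer or Splunk's own tooling. The function names are hypothetical; only the install path, the "splunkIT" account name and `bin/splunk start` come from the thread.

```shell
#!/bin/sh
# Added example: refuse to start the forwarder unless the caller is the
# service account and every entry under the install tree is owned by it.
# resolve_uid, count_foreign_owned and safe_start are hypothetical helpers.

# Resolve an account name or a numeric uid to a numeric uid.
resolve_uid() {
    case "$1" in
        ''|*[!0-9]*) id -u "$1" 2>/dev/null ;;   # name: look it up
        *)           printf '%s\n' "$1" ;;       # already numeric
    esac
}

# Print how many files and directories under DIR are not owned by ACCOUNT.
count_foreign_owned() {
    dir=$1
    uid=$(resolve_uid "$2") || return 2
    [ -n "$uid" ] || return 2
    find "$dir" ! -uid "$uid" -print 2>/dev/null | wc -l | tr -d ' '
}

# Start the forwarder only when both conditions hold.
safe_start() {
    home=$1
    account=$2
    want=$(resolve_uid "$account") || {
        echo "unknown account: $account" >&2
        return 2
    }
    if [ "$(id -u)" != "$want" ]; then
        echo "refusing: run as $account (uid $want), current uid is $(id -u)" >&2
        return 1
    fi
    foreign=$(count_foreign_owned "$home" "$account")
    if [ "$foreign" != "0" ]; then
        echo "refusing: $foreign entries under $home not owned by $account" >&2
        find "$home" ! -uid "$want" -print 2>/dev/null | head -n 20 >&2
        return 1
    fi
    "$home/bin/splunk" start
}

# Usage, with the path and account name from the thread:
#   safe_start /opt/splunkforwarder splunkIT
```

A nonzero count usually means an earlier start or edit was done as root; the listed paths are the ones to hand back to the service account before starting again.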
