Reporting

PROCESS Search error message

peter_gianusso
Communicator

This erro?r in Splunk 6 is on the indexer.

ERROR ProcessDispatchedSearch - PROCESS_SEARCH - Error opening "C:\Program Files\Splunk\var\run\splunk\dispatch\scheduler__nobody_SUxJX0ltYWdpbmdfQXBw__RMD539773f0726cc8328_at_1382734800_49\search.log": The operation completed successfully.

Seems to have stopped searches and/or forwarder connectivity.

Any ideas?

Tags (2)

aelliott
Motivator

Make sure that the permissions of var/run and var/spool (and all their children) are correct. We found that ours had no permissions and adding these permissions fixed this issue, but not for all new search logs, they are created with no permissions and I think this is the issue. No knowing what causes this.

We found this to be an issue with our anti-virus locking files as they were created in the directories:
If this solves your problem, feel free to vote up sciurus post.
http://answers.splunk.com/answers/113539/error-spamming-splunkdlog-error-process_search

0 Karma

ashabc
Contributor

I had similar error messages. In my case it sopped indexing incoming data.

It disappeared when I started sending log files in zipped format from source (in my case ironport proxy appliance) rather than plain text and it resolved my issue.

May be the size of the log files are too big. You may try to send data to Splunk more frequent. Not sure.

0 Karma

peter_gianusso
Communicator

thanks for the suggestion but zipping up files is not an option

0 Karma

peter_gianusso
Communicator

I do not have DBConnect installed

0 Karma
Get Updates on the Splunk Community!

Now Available: Cisco Talos Threat Intelligence Integrations for Splunk Security Cloud ...

At .conf24, we shared that we were in the process of integrating Cisco Talos threat intelligence into Splunk ...

Preparing your Splunk Environment for OpenSSL3

The Splunk platform will transition to OpenSSL version 3 in a future release. Actions are required to prepare ...

Easily Improve Agent Saturation with the Splunk Add-on for OpenTelemetry Collector

Agent Saturation What and Whys In application performance monitoring, saturation is defined as the total load ...