PROCESS Search error message

peter_gianusso · ‎10-25-2013

This erro?r in Splunk 6 is on the indexer.

ERROR ProcessDispatchedSearch - PROCESS_SEARCH - Error opening "C:\Program Files\Splunk\var\run\splunk\dispatch\scheduler__nobody_SUxJX0ltYWdpbmdfQXBw__RMD539773f0726cc8328_at_1382734800_49\search.log": The operation completed successfully.

Seems to have stopped searches and/or forwarder connectivity.

Any ideas?

aelliott · ‎12-05-2013

Make sure that the permissions of var/run and var/spool (and all their children) are correct. We found that ours had no permissions and adding these permissions fixed this issue, but not for all new search logs, they are created with no permissions and I think this is the issue. No knowing what causes this.

We found this to be an issue with our anti-virus locking files as they were created in the directories:
If this solves your problem, feel free to vote up sciurus post.
http://answers.splunk.com/answers/113539/error-spamming-splunkdlog-error-process_search

ashabc · ‎11-14-2013

I had similar error messages. In my case it sopped indexing incoming data.

It disappeared when I started sending log files in zipped format from source (in my case ironport proxy appliance) rather than plain text and it resolved my issue.

May be the size of the log files are too big. You may try to send data to Splunk more frequent. Not sure.

peter_gianusso · ‎11-15-2013

thanks for the suggestion but zipping up files is not an option

peter_gianusso · ‎11-15-2013

I do not have DBConnect installed

PROCESS Search error message

Index This | How many sides does a circle have?

New This Month - Splunk Observability updates and improvements for faster ...

What's New in Splunk Cloud Platform 9.3.2411?