Splunk Enterprise Security

Splunk Enterprise Security: Why do I receive "command="xswhere", [Errno 13] Permission denied" error when trying to perform a correlation search?

deepu123
Explorer

Hello,
some correlation searches don't trigger. when I copy the search and tried to run on search window, I am getting error: "command="xswhere", [Errno 13] Permission denied". is this related to an extreme search permission issue?
thanks in advance.

Regards,
Deepak

0 Karma
1 Solution

deepu123
Explorer

It was file permission issue, I changed the permission and now it's working 🙂

View solution in original post

deepu123
Explorer

It was file permission issue, I changed the permission and now it's working 🙂

jkat54
SplunkTrust
SplunkTrust

The solution is to give appropriate permissions on the python files in /bin in the extreme search app.

for example, you might need execute bit enabled. So you could use ‘chmod +x’.

Another example, maybe the user splunk is running as doesn’t have execute permissions on the pyton files.

0 Karma
Get Updates on the Splunk Community!

Message Parsing in SOCK

Introduction This blog post is part of an ongoing series on SOCK enablement. In this blog post, I will write ...

Exploring the OpenTelemetry Collector’s Kubernetes annotation-based discovery

We’ve already explored a few topics around observability in a Kubernetes environment -- Common Failures in a ...

Use ‘em or lose ‘em | Splunk training units do expire

Whether it’s hummus, a ham sandwich, or a human, almost everything in this world has an expiration date. And, ...