I've singe SPF forwarding to 3 indexers in a cluster, after changing the file permissions to rw from rwx the splunk forwarder stopped indexing files from input dirs. have seen logs no clues found. Any suggestions when to look for errors/exceptions. TIA.
Directories have to be executable in order to do anything inside them
It's the nature of *nix permissioning
I assume the directories that were changes may be owned by root permissions. I would suggest you make the following changes
As root user run the following command:
chown -R splunk:splunk /opt/splunk/