Hello to everyone! I have many FlexEngine.log files in different directories that are ingested by Splunk UF 9.0.8 The path from logs is network share on the Windows Server, in which client-side app...
See more...
Hello to everyone! I have many FlexEngine.log files in different directories that are ingested by Splunk UF 9.0.8 The path from logs is network share on the Windows Server, in which client-side application write via SMB Some files are ingested without errors, but others have errors that you can see below: 03-18-2024 11:39:23.852 +0300 ERROR TailReader [10000 tailreader0] - error from read call from 'L:\App\UEM\CB\UserSettings\username\FlexEngine.log'.
03-18-2024 11:39:27.839 +0300 WARN FileClassifierManager [10000 tailreader0] - Unable to open 'L:\App\UEM\CB\UserSettings\username\FlexEngine.log'.
03-18-2024 11:39:27.839 +0300 WARN FileClassifierManager [10000 tailreader0] - The file 'L:\App\UEM\CB\UserSettings\username\FlexEngine.log' is invalid. Reason: cannot_open. inputs.conf looks like: [monitor://L:\App\UEM\CB\UserSettings\*\FlexEngine.log]
disabled = false
index = dem
sourcetype = dem_file_log and this is an example of a file: 2024-03-18 07:01:32.889 [INFO ] Starting FlexEngine v9.9.0.905 [IFP#14d600e0-T5>>]
2024-03-18 07:01:32.889 [INFO ] Running as Group Policy client-side extension
2024-03-18 07:01:32.889 [INFO ] Performing path-based import
2024-03-18 07:01:32.890 [DEBUG] User: domain\username, Computer: ComputerName, OS: x64-win10 (Version 1809, BuildNumber 17763.5329, SuiteMask 100, ProductType 1/7d, Lang 0419, IE 11.1790.17763.0, VMware VDM 7.12.0, App Volumes 2.18.6.24, DEM 9.9.0.905, ProcInfo 1/1/2/2, UTC+03:00N), PTS: 6108/2768/1CT
2024-03-18 07:01:32.890 [DEBUG] Profile state: local (0x00000204)
2024-03-18 07:01:32.890 [DEBUG] Recursively processing config files from path '\\domain\app\UEM\CB\Settings\general'
2024-03-18 07:01:32.890 [DEBUG] Using profile archive path '\\domain\app\UEM\CB\UserSettings\username'
2024-03-18 07:01:32.890 [DEBUG] Last modified dates will be restored
2024-03-18 07:01:32.890 [DEBUG] Logging to file '\\domain\app\UEM\CB\UserSettings\username\FlexEngine.log'
2024-03-18 07:01:32.890 [DEBUG] Log file will be overwritten when larger than 512 kilobytes Which problems can lead to these errors? Can it be file-blocking by a client-side app, or must Splunk UF handle this situation?