All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Splunk App for Stream: streamfwd command not found error[SOLVED]

w0lverineNOP
Path Finder
‎03-13-2015 12:33 PM

I am trying to run Stream against pcap data. I am having trouble executing the streamfwd command. I am in $SPLUNK_HOME/etc/apps/Splunk_TA_stream/linux_86_64/bin

I run:
>>#streamfwd -r /data.cap

>>streamfwd: command not found

What do you think is causing this error? I have confirmed the following:

  • I ran the file command on streamfwd and the output is: setuid ELF 64 bit executable

  • The [streamfwd://streamfwd] stanza contains the correct location (URI) of your splunk_app_stream installation

  • setuid.sh is running as root

Any troubleshooting suggestions would be greatly appreciated. Another way of solving my problem of trying to index pcaps with stream is to run tcpreplay on a specific interface and have the streamfwd listening on the specific interface, this technique should work as well if all else fails correct?

UPDATE: ./streamfwd

Tags (2)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

mdickey_splunk
Splunk Employee
Splunk Employee
‎03-13-2015 12:44 PM

You likely do not have the current working directory in your PATH. Try ./streamfwd -r /data.cap

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

mdickey_splunk
Splunk Employee
Splunk Employee
‎03-13-2015 12:44 PM

You likely do not have the current working directory in your PATH. Try ./streamfwd -r /data.cap

0 Karma
Reply
Solved! Jump to solution

w0lverineNOP
Path Finder
‎03-13-2015 01:11 PM

It is the correct path. Though I tried that and still the same error. If it was a working directory error wouldn't streamfwd command be recognized and I would receive a directory path not found error?

Could it actually be the command itself?

0 Karma
Reply
Solved! Jump to solution

mdickey_splunk
Splunk Employee
Splunk Employee
‎03-13-2015 01:51 PM

Hmm.. does the streamfwd file have executable permissions set? chmod a+x streamfwd

0 Karma
Reply
Solved! Jump to solution

w0lverineNOP
Path Finder
‎03-13-2015 02:05 PM

No change. And I also tried chmod 755 streamfwd

I tried to move my data.cap into the ../bin directory with streamfwd. It disappeared. Also I tried to cat streamfwd doesn't even recognize streamfwd is their (though I see it in the directory)
The file permissions for bin is the following:
-rwxr-xr-x

I am wondering could you run the streamfwd? I have reinstalled the app twice ... I might need to reinstall Splunk??

0 Karma
Reply
Solved! Jump to solution

mdickey_splunk
Splunk Employee
Splunk Employee
‎03-13-2015 02:33 PM

Honestly, it sounds like you may need to reinstall your OS. Disappearing files and such means something is seriously corrupted.

0 Karma
Reply
Solved! Jump to solution

w0lverineNOP
Path Finder
‎03-13-2015 04:11 PM

./streamfwd That was my problem.

Thank you for trying to help!!!

0 Karma
Reply
Get Updates on the Splunk Community!

Database Performance Sidebar Panel Now on APM Database Query Performance & Service ...

We’ve streamlined the troubleshooting experience for database-related service issues by adding a database ...

IM Landing Page Filter - Now Available

We’ve added the capability for you to filter across the summary details on the main Infrastructure Monitoring ...

Dynamic Links from Alerts to IM Navigators - New in Observability Cloud

Splunk continues to improve the troubleshooting experience in Observability Cloud with this latest enhancement ...