I logged in to splunk and changed the license to "Free license"
I added the apps :
Splunk Add-on for *Nix
Splunk App for Unix
When I open Splunk Add-on for Unix and Linux : Setup
I want to enable “var/log”. When I click on “save”, I get the error :
“There was an unexpected problem while saving the inputs. Please reload the page and try again. “
I added the user “splunk” to the syslog group. Same issue.
I change the /etc/passwd to “splunk:x:0:0:Splunk Server:/opt/splunk:/bin/bash”. Same issue
So Splunk Enterprise with the Free license is running on one host.
Does someone know the proper way to have the “Splunk App for Unix” to read the log on the host where splunk is installed?
I have the same issue when I use “Data Intput” –-> “Local Inputs” –-> “Files & directories” –-> “Add new” –-> “/var/log”. I get the error “This path does not exist or is not accessible. “. I guess this is the same issue with rights.
When possible please provide also the correct commands, to add the rights to the user “splunk”