Dashboards & Visualizations
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Splunkd.log Moved to /var/log/splunk

hartfoml
Motivator
‎08-16-2013 09:00 AM

My splunkd.log file moved to ./var/log/splunk/ this file is recording a lot of unusual log entries and rolling over quite often. Attached is an image of the log files.

I have two questions.

1) How do I get the log files back to $SPLUNKHOME/var/log/splunk/...?
2) How do I stop the unusual log files from overwhelming?

Any help would be appreciated.

08-16-2013 10:54:40.379 -0500 INFO ExecProcessor - Ran script: python /opt/splunkf/splunk/etc/apps/dbx/bin/jbridge_server.py, took 228.6 milliseconds to run, 0 bytes read, exited with code 1
08-16-2013 10:54:40.611 -0500 INFO ExecProcessor - Ran script: python /opt/splunkf/splunk/etc/apps/dbx/bin/jbridge_server.py, took 230.7 milliseconds to run, 0 bytes read, exited with code 1
08-16-2013 10:54:40.840 -0500 INFO ExecProcessor - Ran script: python /opt/splunkf/splunk/etc/apps/dbx/bin/jbridge_server.py, took 227.9 milliseconds to run, 0 bytes read, exited with code 1
08-16-2013 10:54:40.992 -0500 WARN DateParserVerbose - A possible timestamp match (mojojojo:/vobstore/cots/vobs/dragon.vbs /vobs/cots/dragon mvfs uuid=95c728af.920211) is outside of the acceptable time window. If this timestamp is correct, consider adjusting MAX_DAYS_AGO and MAX_DAYS_HENCE. Context="source::/etc/mtab|host::blade012|mtab-too_small|remoteport::56543"

Log Image File

Tags (2)
0 Karma
Reply

yannK
Splunk Employee
Splunk Employee
‎08-16-2013 09:10 AM

You should check if your $SPLUNK_HOME/etc/log.cfg has not be modified (get a new one from a fresh install if needed)

and also check if you have an hardcoded definition of $SPLUNK_HOME in your $SPLUNK_HOME/etc/splunk-launch.conf

0 Karma
Reply

jgedeon120
Contributor
‎08-17-2013 07:33 AM

appender.A1.fileName=/var/log/splunk/splunkd.log, change to appender.A1.fileName=${SPLUNK_HOME}/var/log/splunk/splunkd.log

You may want to look at other entries.

0 Karma
Reply

hartfoml
Motivator
‎08-16-2013 09:53 AM

in the log.cfg I have this config

# $SPLUNK_HOME/var/log/splunk/splunkd_std...
appender.A1.fileName=/var/log/splunk/splunkd.log

in the splunk-launch.conf I have this config

SPLUNK_HOME=/opt/splunk
SPLUNK_BINDIP=X.X.X.X

yet the logs are in the "./var/log/splunk" not the "/opt/splunk/var/log/splunk"

0 Karma
Reply
Get Updates on the Splunk Community!

Index This | I’m short for "configuration file.” What am I?

May 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with a Special ...

New Articles from Academic Learning Partners, Help Expand Lantern’s Use Case Library, ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Your Guide to SPL2 at .conf24!

So, you’re headed to .conf24? You’re in for a good time. Las Vegas weather is just *chef’s kiss* beautiful in ...