You could win up to $50,000 building Splunk apps in the Splunk>Apptitude contest. Learn more »
I am running Splunk 4.2.3 on WinXP 32Bit in VirtualBox. Everytime I try to add some files to my database I get this error:
Encountered the following error while trying to save: In handler 'oneshotinput': unable to open file: path='E:\Logauswertung\Logs\SystemOut\' error='The system cannot find the path specified.'
I just can't figure out, what I am doing wrong. Even when I am just trying to add some files from "C:" (of the guest system in VirtualBox) I get the error, not to ask about directories from the host system...
Can anyone please help a newbie... :)
sorry to say that, but you must be doing something wrong ;) I have multiple VM's running XP SP3 and various Splunk version 4.1.6 - 4.2.3 and they all work just fine.
do a fresh install and change nothing, take a VM snapshot and start your work in splunk by just adding one thing after the other, like 'oneshot' or over the UI directory monitoring.
and keep reading the docs, it's all there :)
check for any stanzas in any inputs.conf referring to E:LogauswertungLogsSystemOut and remove them. did you check splunkd.log, any errors there? try to add a oneshot with the cmd like this:
%SPLUNK_HOME%/bin/splunkd.exe add oneshot <PathToYourLogFiles>
hope this helps, if not docs is always ein guter Platz um etwas nachzulesen ;)
It's working for vboxsrvDocumentsLogauswertungenLogs now, I must have forgotten to check this option after the reinstall.
To add some knowledge: Services must not access network drives through drive mappings, they have to use the UNC names. See INFO: Services and Redirected Drives for more information.
Now i got the problem, that the splunk service isn't able to index the files in the network drive link described here Windows Mapped Drives and Light Forwarding. Here is the link given in that Thread: How to map a network drive to be used by a service.
I will try the solution given there.
Interesting to add: When I choose to "Upload and index" a file instead of "Continuously index data from a file or directory this Splunk instance can access" or "Index a file once from this Splunk server" it works from every path.
Using "Continuously index data from a file or directory this Splunk instance can access" gives a slightly different error:
Encountered the following error while trying to save: In handler 'monitor': Parameter name: Path does not exist.
Anyone there to help?
I checked the splunkd.log, the only thing I could find a couple times is this. Must be from the time a were able to add such a monitoring link:
TailingProcessor - Insufficient permissions to read file='\\VBOXSVR\Documents\Logauswertung\Logs\14.SystemOut.log' (hint: Incorrect function.).
I also tried your oneshot in cmd, this is the message I got:
C:\Program Files\Splunk\bin>splunkd.exe add oneshot E:\Logauswertung\Logs\SystemOut Couldn't open log file configuration "\etc\log.cfg": The operation completed successfully. Error loading logging config file
Does this help us?
I reinstalled Splunk and now I'am able to index files, which are in the guest system.
Unfortunality I still get the error "Encountered the following error while trying to save: In handler 'monitor': Parameter name: Path does not exist." when I am trying to add a network path.
I am using VirtualBox and its guest additions to access files on the host system. These files are to be found via this links fro the guest system:
Everytime I try to add this folders I get the error.
Its working for
now, but Splunk isn't indexing the files there. There must be a connection to this:
I am still checking the options. Thought this might be important for other guys too, so I post it here.