Getting Data In

The system cannot find the path specified.

Katsche
Path Finder

Hello all,

I am running Splunk 4.2.3 on WinXP 32Bit in VirtualBox. Everytime I try to add some files to my database I get this error:

Encountered the following error while trying to save: In handler 'oneshotinput': unable to open file: path='E:\Logauswertung\Logs\SystemOut\' error='The system cannot find the path specified.'

I just can't figure out, what I am doing wrong. Even when I am just trying to add some files from "C:\" (of the guest system in VirtualBox) I get the error, not to ask about directories from the host system...

Can anyone please help a newbie... 🙂

Kind regards

Tags (3)
0 Karma
1 Solution

MuS
SplunkTrust
SplunkTrust

Hi Katsche

sorry to say that, but you must be doing something wrong 😉 I have multiple VM's running XP SP3 and various Splunk version 4.1.6 - 4.2.3 and they all work just fine.

do a fresh install and change nothing, take a VM snapshot and start your work in splunk by just adding one thing after the other, like 'oneshot' or over the UI directory monitoring.

and keep reading the docs, it's all there 🙂

cheers,
MuS

View solution in original post

Katsche
Path Finder

Its working for

\\vboxsrv\Documents\Logauswertungen\Logs

now, but Splunk isn't indexing the files there. There must be a connection to this:

How to map a network drive to be used by a service

Service Running as System Account Fails Accessing Network

I am still checking the options. Thought this might be important for other guys too, so I post it here.

0 Karma

Katsche
Path Finder

Ahh... !
Now i got the problem, that the splunk service isn't able to index the files in the network drive link described here Windows Mapped Drives and Light Forwarding. Here is the link given in that Thread: How to map a network drive to be used by a service.

I will try the solution given there.

Katsche
Path Finder

It's working for \vboxsrv\Documents\Logauswertungen\Logs now, I must have forgotten to check this option after the reinstall.

To add some knowledge: Services must not access network drives through drive mappings, they have to use the UNC names. See INFO: Services and Redirected Drives for more information.

MuS
SplunkTrust
SplunkTrust

sweet, so have fun then with your splunk setup 🙂

Katsche
Path Finder

I reinstalled Splunk and now I'am able to index files, which are in the guest system.

Unfortunality I still get the error "Encountered the following error while trying to save: In handler 'monitor': Parameter name: Path does not exist." when I am trying to add a network path.

I am using VirtualBox and its guest additions to access files on the host system. These files are to be found via this links fro the guest system:

E:\Logauswertungen\Logs\
\\vboxsrv\Documents\Logauswertungen\Logs

Everytime I try to add this folders I get the error.

0 Karma

Katsche
Path Finder

Hey,
will I be able to search on the topic in the old forums? Otherwise i will "contact" google and search for anything concerning services trying to access network drives.
Sounds promising.
Thank you very much

0 Karma

MuS
SplunkTrust
SplunkTrust

Hi,

I rarely remember that there is some problem in Windows with services trying to access network drives. maybe you ran into this. please don't ask for the fix for that, way to long ago 😉

0 Karma

MuS
SplunkTrust
SplunkTrust

Hi Katsche

sorry to say that, but you must be doing something wrong 😉 I have multiple VM's running XP SP3 and various Splunk version 4.1.6 - 4.2.3 and they all work just fine.

do a fresh install and change nothing, take a VM snapshot and start your work in splunk by just adding one thing after the other, like 'oneshot' or over the UI directory monitoring.

and keep reading the docs, it's all there 🙂

cheers,
MuS

Katsche
Path Finder

Good morning everyone. 🙂

I should be able to access files and directories no matter if I installed Splunk as a local user or in a domain, right? My Splunk is set up as local user.

Didn't anybody ever got this issue, I can't figure out any solution on my self...

0 Karma

Katsche
Path Finder

I tried some other things (one-by-one and all of them together):

  1. Removing the "read only" from all folders and files in the Splunk directory (there were some restrictions)
  2. Turning off the WinXP-Firewall
  3. Disable avast Antivirus

Still no change.

0 Karma

Katsche
Path Finder

I checked the splunkd.log, the only thing I could find a couple times is this. Must be from the time a were able to add such a monitoring link:

TailingProcessor - Insufficient permissions to read file='\\VBOXSVR\Documents\Logauswertung\Logs\14.SystemOut.log' (hint: Incorrect function.).

I also tried your oneshot in cmd, this is the message I got:

C:\Program Files\Splunk\bin>splunkd.exe add oneshot E:\Logauswertung\Logs\SystemOut
Couldn't open log file configuration "\etc\log.cfg": The operation completed successfully.
Error loading logging config file

Does this help us?

0 Karma

MuS
SplunkTrust
SplunkTrust

Hi Katsche

check for any stanzas in any inputs.conf referring to E:\Logauswertung\Logs\SystemOut\ and remove them. did you check splunkd.log, any errors there? try to add a oneshot with the cmd like this:

%SPLUNK_HOME%/bin/splunkd.exe add oneshot <PathToYourLogFiles>

hope this helps, if not docs is always ein guter Platz um etwas nachzulesen 😉

cheers

Katsche
Path Finder

Interesting to add: When I choose to "Upload and index" a file instead of "Continuously index data from a file or directory this Splunk instance can access" or "Index a file once from this Splunk server" it works from every path.

Using "Continuously index data from a file or directory this Splunk instance can access" gives a slightly different error:

Encountered the following error while trying to save: In handler 'monitor': Parameter name: Path does not exist.

Anyone there to help?

0 Karma

MuS
SplunkTrust
SplunkTrust

check your %SPLUNK_HOME%/var/log/splunk/splunkd.log for errors - splunkd.log is your friend 🙂

0 Karma
Get Updates on the Splunk Community!

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...