Re: Error ProcessDispatchedSearch - PROCESS_SEARCH...

mookiie2005 · ‎03-17-2014

ERROR ProcessDispatchedSearch - PROCESS_SEARCH "XXX": The process cannot access the file because it is being used by another process.

we are getting these messages over and over 100's of times in the splunkd logs. We tried to clean out the dispatch directory and that has not had an impact. We just upgraded from Splunk version 5.0.3 to version 6.0.2.

mookiie2005 · ‎07-14-2014

I opened a splunk case for this issue. I was told that SPL-82288 version 6.0.6 will have a fix for this issue.

here is a temporary work around:

As a workaround, I suggest turning the log level of ProcessDispatchedSearch to CRITICAL or FATAL so that these "ERROR" level messages aren't displayed.
Note that the most serious problem here is just that splunkd.log gets polluted by all these messages which are supposed to be targeted to local search.log files. Basically, the search process is trying to open it's local /search.log, fails doing so, and therefore logs a message that is re-directed to splunkd because the local logging is not setup. We should just more or less ignore those re-directed messages.

slierninja · ‎08-27-2014

Looks like this is fixed in 6.1.3 (SPL-82288)(SPL-84457)

Error ProcessDispatchedSearch - PROCESS_SEARCH spamming splund logs

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

They're back! Join the SplunkTrust and MVP at .conf24

Enterprise Security Content Update (ESCU) | New Releases