All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Splunk App for Windows Infrastructure: Created "sendtoindexer" app per documentation, but why is outputs.conf not on the deployment client?

gstefancyk
Path Finder
‎11-30-2016 12:57 PM

I have created a "sendtoindexer" app following Splunk App for Windows Infrastructure 1.4 documentation and I cannot seem to get the outputs.conf file to push down to the deployment client. The app is showing as installed from the deployment server but I do not see any outputs.conf file on the deployment client. The rest of the folders and files of the app exist on the client but no outputs.conf.

I have restarted Splunk services on the deployment client, reloaded the deployment server, and restarted Splunk on the deployment server but outputs.conf will not push down to the deployment client.

Thanks in advance.

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

gstefancyk
Path Finder
‎11-30-2016 01:20 PM

Looking in splunkd logs I have found my issue but I am not sure why I am running into these permissions issues..

11-30-2016 16:11:03.548 -0500 ERROR Archiver - Failed to open file="C:\Program Files\Splunk\etc\deployment-apps\sendtoindexer\local\outputs.conf": Access is denied.

I have fixed this issue by adding SYSTEM to have full control of the file, but moving forward how do I prevent this when creating additional files?

View solution in original post

0 Karma
Reply
Solved! Jump to solution

Heff
Splunk Employee
Splunk Employee
‎11-30-2016 02:21 PM

What use is Splunk running as? Local System?

0 Karma
Reply
Solved! Jump to solution

gstefancyk
Path Finder
‎12-02-2016 04:35 AM

Splunk is running as local system.

0 Karma
Reply
Solved! Jump to solution
Solution

gstefancyk
Path Finder
‎11-30-2016 01:20 PM

Looking in splunkd logs I have found my issue but I am not sure why I am running into these permissions issues..

11-30-2016 16:11:03.548 -0500 ERROR Archiver - Failed to open file="C:\Program Files\Splunk\etc\deployment-apps\sendtoindexer\local\outputs.conf": Access is denied.

I have fixed this issue by adding SYSTEM to have full control of the file, but moving forward how do I prevent this when creating additional files?

0 Karma
Reply
Get Updates on the Splunk Community!

They're back! Join the SplunkTrust and MVP at .conf24

With our highly anticipated annual conference, .conf, comes the fez-wearers you can trust! The SplunkTrust, as ...

Enterprise Security Content Update (ESCU) | New Releases

Last month, the Splunk Threat Research Team had two releases of new security content via the Enterprise ...

Detecting Remote Code Executions With the Splunk Threat Research Team

REGISTER NOWRemote code execution (RCE) vulnerabilities pose a significant risk to organizations. If ...