Why isn't lsof / open files working in *NIX?

GuyPaddock
Engager

I activated *NIX, and it's collecting all other types of data about the system, but I get no data entries for lsof. The script runs correctly when I invoke it myself (/opt/splunk/etc/apps/unix/bin/lsof.sh), and the input source is definitely enabled.

My uname: Linux 2.6.9-023stab051.3-enterprise #1 SMP Wed Nov 4 19:28:06 MSK 2009 i686 i686 i386 GNU/Linux

heybigben
Explorer
0 Karma

asarolkar
Builder

Did that work for you?

0 Karma

bwooden
Splunk Employee

What search command are you running?

Does "sourcetype=lsof index=os earliest=-1d" return any events?

0 Karma