All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Splunk_TA_nix cannot open scripts

sjcoluccio67
Explorer
‎07-03-2018 08:26 AM

Hey Everyone,

I installed Splunk_TA_nix on my Ubuntu 16.04.2 server. After enabling some scripts and not seeing any data beng monitored, I checked splunkd.log and I see the following error:

07-03-2018 16:13:04.110 +0100 ERROR ExecProcessor - message from "/opt/splunkforwarder/etc/apps/Splunk_TA_nix/bin/cpu.sh" /bin/sh: 0: Can't open

For some reason the UF cannot of the .sh script files. As shown below, Splunk is the owner of those files and it has execute permissions:

-rwxrwxr-x 1 splunk splunk 3447 Jul 3 15:21 bandwidth.sh*
-rwxrwxr-x 1 splunk splunk 3997 Jul 3 15:21 common.sh*
-rwxrwxr-x 1 splunk splunk 3997 Jul 3 15:21 common.sh*

Does anyone know what is wrong here?

Reply

sloshburch
Splunk Employee
Splunk Employee
‎01-07-2019 11:00 AM

This symptom also occurs if Windows line endings got in the way. If you are able to vi the files, you may see some Windows interference on the line endings.

In that case, you can either:

  1. Redeploy the app by downloading again from Splunkbase.
  2. Convert the file's line endings with something like perl -pi -e 's/\r\n/\n/g' filename

Although this could be a larger issue if your deployment server is a Windows machine. In that case, you may have line ending issues more pervasive than those scripts.

0 Karma
Reply

sloshburch
Splunk Employee
Splunk Employee
‎01-16-2019 12:22 PM

I've built upon this topic with the What are best practices for deploying the Splunk Add-on for Unix and Linux in a distributed environm...

0 Karma
Reply

sloshburch
Splunk Employee
Splunk Employee
‎01-04-2019 08:43 AM

What user is Splunk running as? It could be accidentally not running as 'splunk', the owner of those scripts.

0 Karma
Reply

sloshburch
Splunk Employee
Splunk Employee
‎01-03-2019 02:32 PM

Ya, the issue is actually the commands those scripts run. If you run the script manually you'll be able to replicate it. The unix commands those scripts depend on need you to hook them up with the read/execute permissions.

0 Karma
Reply
Get Updates on the Splunk Community!

Enter the Dashboard Challenge and Watch the .conf24 Global Broadcast!

The Splunk Community Dashboard Challenge is still happening, and it's not too late to enter for the week of ...

Join Us at the Builder Bar at .conf24 – Empowering Innovation and Collaboration

What is the Builder Bar? The Builder Bar is more than just a place; it's a hub of creativity, collaboration, ...

Combine Multiline Logs into a Single Event with SOCK - a Guide for Advanced Users

This article is the continuation of the “Combine multiline logs into a single event with SOCK - a step-by-step ...