Hello all,
I am running Splunk 4.2.3 on WinXP 32Bit in VirtualBox. Everytime I try to add some files to my database I get this error:
Encountered the following error while trying to save: In handler 'oneshotinput': unable to open file: path='E:\Logauswertung\Logs\SystemOut\' error='The system cannot find the path specified.'
I just can't figure out, what I am doing wrong. Even when I am just trying to add some files from "C:\" (of the guest system in VirtualBox) I get the error, not to ask about directories from the host system...
Can anyone please help a newbie... 🙂
Kind regards
Hi Katsche
sorry to say that, but you must be doing something wrong 😉 I have multiple VM's running XP SP3 and various Splunk version 4.1.6 - 4.2.3 and they all work just fine.
do a fresh install and change nothing, take a VM snapshot and start your work in splunk by just adding one thing after the other, like 'oneshot' or over the UI directory monitoring.
and keep reading the docs, it's all there 🙂
cheers,
MuS
Its working for
\\vboxsrv\Documents\Logauswertungen\Logs
now, but Splunk isn't indexing the files there. There must be a connection to this:
How to map a network drive to be used by a service
Service Running as System Account Fails Accessing Network
I am still checking the options. Thought this might be important for other guys too, so I post it here.
Ahh... !
Now i got the problem, that the splunk service isn't able to index the files in the network drive link described here Windows Mapped Drives and Light Forwarding. Here is the link given in that Thread: How to map a network drive to be used by a service.
I will try the solution given there.
It's working for \vboxsrv\Documents\Logauswertungen\Logs now, I must have forgotten to check this option after the reinstall.
To add some knowledge: Services must not access network drives through drive mappings, they have to use the UNC names. See INFO: Services and Redirected Drives for more information.
sweet, so have fun then with your splunk setup 🙂
I reinstalled Splunk and now I'am able to index files, which are in the guest system.
Unfortunality I still get the error "Encountered the following error while trying to save: In handler 'monitor': Parameter name: Path does not exist." when I am trying to add a network path.
I am using VirtualBox and its guest additions to access files on the host system. These files are to be found via this links fro the guest system:
E:\Logauswertungen\Logs\
\\vboxsrv\Documents\Logauswertungen\Logs
Everytime I try to add this folders I get the error.
Hey,
will I be able to search on the topic in the old forums? Otherwise i will "contact" google and search for anything concerning services trying to access network drives.
Sounds promising.
Thank you very much
Hi,
I rarely remember that there is some problem in Windows with services trying to access network drives. maybe you ran into this. please don't ask for the fix for that, way to long ago 😉
Hi Katsche
sorry to say that, but you must be doing something wrong 😉 I have multiple VM's running XP SP3 and various Splunk version 4.1.6 - 4.2.3 and they all work just fine.
do a fresh install and change nothing, take a VM snapshot and start your work in splunk by just adding one thing after the other, like 'oneshot' or over the UI directory monitoring.
and keep reading the docs, it's all there 🙂
cheers,
MuS
Good morning everyone. 🙂
I should be able to access files and directories no matter if I installed Splunk as a local user or in a domain, right? My Splunk is set up as local user.
Didn't anybody ever got this issue, I can't figure out any solution on my self...
I tried some other things (one-by-one and all of them together):
Still no change.
I checked the splunkd.log, the only thing I could find a couple times is this. Must be from the time a were able to add such a monitoring link:
TailingProcessor - Insufficient permissions to read file='\\VBOXSVR\Documents\Logauswertung\Logs\14.SystemOut.log' (hint: Incorrect function.).
I also tried your oneshot in cmd, this is the message I got:
C:\Program Files\Splunk\bin>splunkd.exe add oneshot E:\Logauswertung\Logs\SystemOut
Couldn't open log file configuration "\etc\log.cfg": The operation completed successfully.
Error loading logging config file
Does this help us?
Hi Katsche
check for any stanzas in any inputs.conf referring to E:\Logauswertung\Logs\SystemOut\ and remove them. did you check splunkd.log, any errors there? try to add a oneshot with the cmd like this:
%SPLUNK_HOME%/bin/splunkd.exe add oneshot <PathToYourLogFiles>
hope this helps, if not docs is always ein guter Platz um etwas nachzulesen 😉
cheers
Interesting to add: When I choose to "Upload and index" a file instead of "Continuously index data from a file or directory this Splunk instance can access" or "Index a file once from this Splunk server" it works from every path.
Using "Continuously index data from a file or directory this Splunk instance can access" gives a slightly different error:
Encountered the following error while trying to save: In handler 'monitor': Parameter name: Path does not exist.
Anyone there to help?
check your %SPLUNK_HOME%/var/log/splunk/splunkd.log for errors - splunkd.log is your friend 🙂