Hi
I am using eStreamer app in Splunk, I am unable to get streamer logs displayed on Splunk Search Head. We are utilizing a heavy forwarder server to dump the streamer logs onto 'log' folder on this heavy forwarder server. The logs are regularly getting dumped in the 'log' folder, successful connection is established within the heavy forwarder and indexers and between heavy forwarder and the streamer management console which runs the service on port 8302.
A look in splunkd.log shows the following error:
10-24-2016 15:21:36.349 -0500 ERROR ExecProcessor - message from "python /oap/poap/a00/splunk/etc/apps/eStreamer/bin/client_check.py" Oct 24 15:21:36 [20956] Daemonizing process
But manually invoking the client_check.py script shows that client is running, Splunk has permission to read the script as well
-rwxr-xr-x 1 splunk splunk 8753 Oct 18 13:28 client_check.py
splunk@eagnmnmbp275:/oap/poap/a00/splunk/etc/apps/eStreamer/bin> ./client_check.py
event_sec=1477341054 status_id=1 status="eStreamer client is running."
Can someone assist me in troubleshooting this issue?
Thanks
Mohammed
↧