We're unable to get the forwarder to index/re-index and populate data - can anyone make out what is happening here? Thanks
03-06-2018 22:08:21.280 +0000 INFO TailReader - Ignoring file '/tmp/hsperfdata_root/3843' due to: binary
03-06-2018 22:08:39.078 +0000 ERROR ExecProcessor - message from "/opt/splunk/etc/apps/SplunkForPCAP/bin/pcap2csv.sh" which: no tshark in (/opt/splunk/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin)
03-06-2018 22:08:39.104 +0000 ERROR ExecProcessor - message from "/opt/splunk/etc/apps/SplunkForPCAP/bin/pcap2csv.sh" /opt/splunk/etc/apps/SplunkForPCAP/bin/pcap2csv.sh: line 8: -v: command not found
03-06-2018 22:08:39.111 +0000 ERROR ExecProcessor - message from "/opt/splunk/etc/apps/SplunkForPCAP/bin/pcap2csv.sh" /opt/splunk/etc/apps/SplunkForPCAP/bin/pcap2csv.sh: line 31: [: : integer expression expected
03-06-2018 22:08:39.153 +0000 ERROR ExecProcessor - message from "/opt/splunk/etc/apps/Splunk_TA_nix/bin/rlog.sh" Redirecting to /bin/systemctl status auditd.service
03-06-2018 22:08:40.347 +0000 WARN FileClassifierManager - The file '/tmp/hsperfdata_root/3843' is invalid. Reason: binary
03-06-2018 22:08:40.347 +0000 INFO TailReader - Ignoring file '/tmp/hsperfdata_root/3843' due to: binary
03-06-2018 22:08:48.320 +0000 WARN LineBreakingProcessor - Truncating line because limit of 1000000 bytes has been exceeded with a line length >= 1003520 - data_source="lsof", data_host="harplg01.stag.defence.gov.au", data_sourcetype="lsof"
03-06-2018 22:09:08.887 +0000 ERROR ExecProcessor - message from "/opt/splunk/etc/apps/SplunkForPCAP/bin/pcap2csv.sh" which: no tshark in (/opt/splunk/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin)
03-06-2018 22:09:08.936 +0000 ERROR ExecProcessor - message from "/opt/splunk/etc/apps/SplunkForPCAP/bin/pcap2csv.sh" /opt/splunk/etc/apps/SplunkForPCAP/bin/pcap2csv.sh: line 8: -v: command not found
03-06-2018 22:09:08.947 +0000 ERROR ExecProcessor - message from "/opt/splunk/etc/apps/SplunkForPCAP/bin/pcap2csv.sh" /opt/splunk/etc/apps/SplunkForPCAP/bin/pcap2csv.sh: line 31: [: : integer expression expected
03-06-2018 22:09:10.449 +0000 WARN FileClassifierManager - The file '/tmp/hsperfdata_root/3843' is invalid. Reason: binary
03-06-2018 22:09:10.449 +0000 INFO TailReader - Ignoring file '/tmp/hsperfdata_root/3843' due to: binary
03-06-2018 22:09:19.336 +0000 WARN DateParserVerbose - Accepted time format has changed ((?i)(?