I'm trying to run a very basic search against XML formatted events:
sourcetype=ilo:events | xmlkv
I'm getting the following error back from my search head:
9 errors occurred while the search was executing. Therefore, search results might be incomplete. Hide errors.
•[SearchPeer1] Streamed search execute failed because: Error in 'xmlkv' command: Cannot find program 'xmlkv' or script 'xmlkv'.
•[SearchPeer2] Search process did not exit cleanly, exit_code=255, description="exited with code 255". Please look in search.log for this peer in the Job Inspector for more info.
•[Searchpeer2] Streamed search execute failed because: Error in 'xmlkv' command: Cannot find program 'xmlkv' or script 'xmlkv'.
•[SearchPeer3] Search process did not exit cleanly, exit_code=-1, description="exited with code -1". Please look in search.log for this peer in the Job Inspector for more info.
•[Searchpeer3] Streamed search execute failed because: Error in 'xmlkv' command: Cannot find program 'xmlkv' or script 'xmlkv'.
•[Searchpeer4] Streamed search execute failed because: Error in 'xmlkv' command: Cannot find program 'xmlkv' or script 'xmlkv'.
so on and so on..
But I can check each of these indexers and xmlkv is indeed there and enabled with global read permissions..
↧