Installation

Why am I getting errors in splunk 6.1.3 trying to enable boot-start on Redhat?

PierreE
Path Finder

I have this error when i want to activate boot-start. I am currently on a RedHat server.

[root@BDSPLUNL01 bin]# ./splunk enable boot-start -user splunk
Warning: cannot create "/opt/splunk/var/log/splunk"
Warning: cannot create "/opt/splunk/var/log/introspection"
Init script installed at /etc/init.d/splunk.
Init script is not configured to run at boot.
[root@BDSPLUNL01 bin]#

I saw previous questions about this issue but I did not solve it.

0 Karma
1 Solution

PierreE
Path Finder

I solved the issue.

1- Uninstalled, Installed again
2- sudo -u splunk ./splunk start --accept-license
3- ps -auxw

And the problem was there, indeed I think that i hadn't start splunk with the user splunk.

Thank you n00badmin !

View solution in original post

PierreE
Path Finder

I solved the issue.

1- Uninstalled, Installed again
2- sudo -u splunk ./splunk start --accept-license
3- ps -auxw

And the problem was there, indeed I think that i hadn't start splunk with the user splunk.

Thank you n00badmin !

n00badmin
Communicator

Awesome!

Yeah uninstall/reinstall was going to be my next suggestion. Glad to see it's working!

n00badmin
Communicator

looks permissions related, who owns /opt/splunk/var/log dir??

n00badmin
Communicator

i believe that's your issue...in your boot-start command you are using '-user splunk' but it seems root owns /opt/splunk...

Firstly do you have a user called splunk on your machine?

if so you can chown splunk:splunk /opt/splunk

if not you could always just remove '-user splunk' from your boot-start command...

PierreE
Path Finder

Yes I have a user splunk. I did what you tell me to do :

drwxr-xr-x 4 splunk splunk 4096 30 juil. 01:34 bin
-r--r--r-- 1 splunk splunk 57 30 juil. 01:13 copyright.txt
drwxr-xr-x 15 splunk splunk 4096 1 déc. 11:19 etc
drwxr-xr-x 3 splunk splunk 4096 30 juil. 01:32 include
drwxr-xr-x 6 splunk splunk 4096 30 juil. 01:34 lib
-r--r--r-- 1 splunk splunk 49092 30 juil. 01:13 license-eula.txt
drwxr-xr-x 3 splunk splunk 4096 30 juil. 01:30 openssl
-r--r--r-- 1 splunk splunk 506 30 juil. 01:04 README-splunk.txt
drwxr-xr-x 3 splunk splunk 4096 30 juil. 01:34 share
drwxr-xr-x 8 splunk splunk 4096 28 nov. 15:09 splunk
-r--r--r-- 1 splunk splunk 840969 30 juil. 01:13 splunk-6.1.3-220630-Linux-x86_64-manifest
drwxrwxrwx 6 splunk splunk 4096 28 nov. 15:15 var

But ... :

[splunk@BDSPLUNL01 bin]$ sudo ./splunk enable boot-start
Init script installed at /etc/init.d/splunk.
Init script is not configured to run at boot.

[splunk@BDSPLUNL01 bin]$ sudo ./splunk enable boot-start -user splunk
Init script installed at /etc/init.d/splunk.
Init script is not configured to run at boot.

In the directory init.d :

[splunk@BDSPLUNL01 init.d]$ ls
README

0 Karma

n00badmin
Communicator

try 'chkconfig splunk on' ? seems like the init script needs attention

0 Karma

PierreE
Path Finder

[splunk@BDSPLUNL01 splunk]$ sudo chkconfig splunk on
[splunk@BDSPLUNL01 splunk]$ sudo chkconfig --list splunk
splunk 0:arrêt 1:arrêt 2:marche 3:marche 4:marche 5:marche 6:arrêt

And :

[splunk@BDSPLUNL01 bin]$ sudo ./splunk enable boot-start
Init script installed at /etc/init.d/splunk.
Init script is not configured to run at boot.

[splunk@BDSPLUNL01 bin]$ sudo ./splunk enable boot-start -user splunk
Warning: cannot create "/opt/splunk/var/log/splunk"
Warning: cannot create "/opt/splunk/var/log/introspection"
Init script installed at /etc/init.d/splunk.
Init script is not configured to run at boot.

I don't understand

0 Karma

n00badmin
Communicator

those run levels look fine to me..try rebooting and seeing if splunk runs...

0 Karma

PierreE
Path Finder

[root@BDSPLUNL01 bin]# ./splunk start

Splunk> Take the sh out of IT.

Checking prerequisites...
Checking http port [8000]: open
Checking mgmt port [8089]: open
Checking configuration... Done.
Checking critical directories... Done
Checking indexes...
Validated: _audit _blocksignature _internal _introspection _thefishbucket history ioc_search_results main summary
Done
ERROR - Error opening "/opt/splunk/var/log/splunk/splunkd-utility.log": Permission denied
Could not determine whether the path specified in the environment variable SPLUNK_DB ("/opt/splunk/var/lib/splunk") was a directory: Permission denied
Locking test failed on filesystem in path /opt/splunk/var/lib/splunk with code '3'. Please file a case online at http://www.splunk.com/page/submit_issue
Checking filesystem compatibility...

I'm in root, these are the permissions :
-rw------- 1 splunk splunk 6170 1 déc. 14:22 splunkd-utility.log

0 Karma

n00badmin
Communicator

is this a fresh install?

Has splunk ever ran for you?

0 Karma

PierreE
Path Finder

Root is the owner :

drwx------ 6 root root 4096 28 nov. 15:15 var

0 Karma
Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...