I am trying to add the forwader or list it, but it ends up in permission denied messsage
./splunk list forward-server
Splunk username: admin
Password:
Can't create directory "/root/.splunk": Permission denied
Need your help to fix this
We started the splunk instance using an service account.
But later we were trying to check the forwarder testing using root account which ends up wit above error.
we changed back to service account and it worked.
Either run the command as the same user as Splunk runs:
sudo -u splunk_user /path/to/splunk command
Or do the following for every user you want to run the commands (you have to insert the hostname and the mgmt port of your Splunk instance):
cd ~
mkdir .splunk
chmod 777 -R .splunk
touch .splunk/authToken_hostname_port
chmod 600 .splunk/authToken_hostname_port
You need to run above command with same user as splunk service is running.
if you have used the default usernames and paths you should be able run:
sudo -u splunk /opt/splunk/bin/splunk list forward-server
We started the splunk instance using an service account.
But later we were trying to check the forwarder testing using root account which ends up wit above error.
we changed back to service account and it worked.
Can you please let us know from which users you are trying to run above command? And from which user, splunk service is running??