Checking prerequisites...
Checking http port [8000]: open
Checking mgmt port [8089]: open
Checking appserver port [127.0.0.1:8065]: open
Checking kvstore port [8191]: open
Checking configuration... Done.
Creating: /Applications/splunk/var/lib/splunk
Creating: /Applications/splunk/var/run/splunk
Creating: /Applications/splunk/var/run/splunk/appserver/i18n
Creating: /Applications/splunk/var/run/splunk/appserver/modules/static/css
Creating: /Applications/splunk/var/run/splunk/upload
Creating: /Applications/splunk/var/spool/splunk
Creating: /Applications/splunk/var/spool/dirmoncache
Creating: /Applications/splunk/var/lib/splunk/authDb
Creating: /Applications/splunk/var/lib/splunk/hashDb
New certs have been generated in '/Applications/splunk/etc/auth'.
Checking critical directories... Done
Checking indexes...
homePath='/Applications/splunk/var/lib/splunk/audit/db' of index=_audit on unusable filesystem.
Validating databases (splunkd validatedb) failed with code '1'. If you cannot resolve the issue(s) above after consulting documentation, please file a case online at http://www.splunk.com/page/submit_issue
rockys-MacBook-Pro:bin rocky$ ./splunk status
splunkd is not running.
If I recall (I have seen this before on Answers), it's because of the new APFS file system on High Sierra.
[Edit: Here is the original answer: https://answers.splunk.com/answers/306998/why-am-i-getting-homepathoptsplunkvarlibsplunkaudi.html ]
Add the following line to $SPLUNK_HOME/etc/splunk-launch.conf
OPTIMISTIC_ABOUT_FILE_LOCKING = 1
Yeah, I fixed it, I did the same. Thank you.
This fixed the issue for me. I'm running macOS High Sierra version 10.13.3 (17D47).
I did a $ vi /Applications/Splunk/etc/splunk-launch.conf
then inserted the line OPTIMISTIC_ABOUT_FILE_LOCKING = 1
Relaunched Splunk and it worked.
The problem seems to be with the file system where /Applications/splunk/var/lib/splunk/audit/d will reside.
How much free space do you have on that filesystem? Is it an HFS filesystem? Is there anything else odd about that filesystem? Run:
splunkd validatedb
and see if you get any additional information.