- Splunk Answers
- :
- Splunk Administration
- :
- Installation
- :
- Re: I tried to install Splunk in my personal lapto...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Checking prerequisites...
Checking http port [8000]: open
Checking mgmt port [8089]: open
Checking appserver port [127.0.0.1:8065]: open
Checking kvstore port [8191]: open
Checking configuration... Done.
Creating: /Applications/splunk/var/lib/splunk
Creating: /Applications/splunk/var/run/splunk
Creating: /Applications/splunk/var/run/splunk/appserver/i18n
Creating: /Applications/splunk/var/run/splunk/appserver/modules/static/css
Creating: /Applications/splunk/var/run/splunk/upload
Creating: /Applications/splunk/var/spool/splunk
Creating: /Applications/splunk/var/spool/dirmoncache
Creating: /Applications/splunk/var/lib/splunk/authDb
Creating: /Applications/splunk/var/lib/splunk/hashDb
New certs have been generated in '/Applications/splunk/etc/auth'.
Checking critical directories... Done
Checking indexes...
homePath='/Applications/splunk/var/lib/splunk/audit/db' of index=_audit on unusable filesystem.
Validating databases (splunkd validatedb) failed with code '1'. If you cannot resolve the issue(s) above after consulting documentation, please file a case online at http://www.splunk.com/page/submit_issue
rockys-MacBook-Pro:bin rocky$ ./splunk status
splunkd is not running.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
If I recall. (i have seen this before on answers) its because of the new APFS file system on High Sierra.
[Edit: Here is the original answer: https://answers.splunk.com/answers/306998/why-am-i-getting-homepathoptsplunkvarlibsplunkaudi.html ]
Add the following line to $SPLUNK_HOME/etc/splunk-launch.conf
OPTIMISTIC_ABOUT_FILE_LOCKING = 1
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
If I recall. (i have seen this before on answers) its because of the new APFS file system on High Sierra.
[Edit: Here is the original answer: https://answers.splunk.com/answers/306998/why-am-i-getting-homepathoptsplunkvarlibsplunkaudi.html ]
Add the following line to $SPLUNK_HOME/etc/splunk-launch.conf
OPTIMISTIC_ABOUT_FILE_LOCKING = 1
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Yeah I fixed it, I did the same. thank you.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
This fixed the issue for me. I'm running macOS High Sierra version 10.13.3 (17D47)
I did a $ vi /Applications/Splunk/etc/splunk-launch.conf
then inserted the line OPTIMISTIC_ABOUT_FILE_LOCKING = 1
Relaunched Splunk and it worked
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The problem seems to be with the file system where /Applications/splunk/var/lib/splunk/audit/d will reside.
How much free space do you have on that filesystem? Is it an HFS filesystem? Is there anything else odd about that filesystem? Run:
splunkd validatedb
and see if you get any additional information.
Detecting Remote Code Executions With the Splunk Threat Research Team
Observability | Use Synthetic Monitoring for Website Metadata Verification
More Ways To Control Your Costs With Archived Metrics | Register for Tech Talk
