Re: Receiving this warning: "cannot create "/opt/s...

dataops · ‎05-29-2019

Why am I receieving this error?

Warning: cannot create "/opt/splunk/var/log/watchdog"

Pid file "/opt/splunk/var/run/splunk/splunkd.pid" unreadable.: Permission denied
Pid file "/opt/splunk/var/run/splunk/splunkd.pid" unreadable.: Permission denied
Pid file "/opt/splunk/var/run/splunk/splunkd.pid" unreadable.: Permission denied

richgalloway · ‎05-29-2019

This can happen if Splunk is run as root and then run as a non-root user without changing the ownership of all files in /opt/splunk.

---
If this reply helps you, Karma would be appreciated.

codebuilder · ‎05-30-2019

Agree with Rich, I've seen this behavior in the very same circumstances.

chown the pid file to the user running splunk.
e.g.
chown splunk:splunk /opt/splunk/var/run/splunk/splunkd.pid
cycle splunk

----
An upvote would be appreciated and Accept Solution if it helps!

Anam · ‎05-29-2019

Hi @dataops

Thank you for posting your question on Splunk Answers. In order for experts to help you, can you please provide more information in context that resulted in you seeing this error? Were you making changes to the authorize.conf file?

Thanks

Receiving this warning: "cannot create "/opt/splunk/var/log/watchdog"

Archived Metrics Now Available for APAC and EMEA realms

Detecting Remote Code Executions With the Splunk Threat Research Team

Enter the Dashboard Challenge and Watch the .conf24 Global Broadcast!