Splunk Enterprise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Installing Splunk 8.1.0 - Ubuntu 20.4 warning message

duncandka
Engager
‎11-17-2020 09:59 AM

Hi,

Installing Enterprise 8.1.0 on Ubuntu 20.4 when unpacking get the following message.
cp: cannot stat '/opt/splunk/etc/regid.2001-12.com.splunk-Splunk-Enterprise.swidtag': No such file or directory
Where as, it is directly under /opt/splunk

Duncan

 

 

Labels (1)
Labels
Reply

jeffh-cf
Engager
‎05-12-2021 01:17 PM

I just tried upgrading from Spunk Enterprise 8.1.3 to 8.2.0 on Ubuntu 20.04 and ran into the same issue but it doesn't look like the upgrade failed.

sudo dpkg -i splunk-8.2.0-e053ef3c985f-linux-2.6-amd64.deb
(Reading database ... 176294 files and directories currently installed.)
Preparing to unpack splunk-8.2.0-e053ef3c985f-linux-2.6-amd64.deb ...
This looks like an upgrade of an existing Splunk Server. Attempting to stop the installed Splunk Server...
Stopping splunkd...
Shutting down. Please wait, as this may take a few minutes.

Stopping splunk helpers...

Done.
Unpacking splunk (8.2.0) over (8.1.3) ...
Setting up splunk (8.2.0) ...
cp: cannot stat '/opt/splunk/etc/regid.2001-12.com.splunk-Splunk-Enterprise.swidtag': No such file or directory
complete

Even though the upgrade didn't appear to fail, I followed the same advice:

cp splunk-Splunk-Enterprise-primary.swidtag /opt/splunk/etc/regid.2001-12.com.splunk-Splunk-Enterprise.swidtag

I ran the installation again, and it completed successfully:

sudo dpkg -i splunk-8.2.0-e053ef3c985f-linux-2.6-amd64.deb
(Reading database ... 180376 files and directories currently installed.)
Preparing to unpack splunk-8.2.0-e053ef3c985f-linux-2.6-amd64.deb ...
This looks like an upgrade of an existing Splunk Server. Attempting to stop the installed Splunk Server...
splunkd is not running.
Unpacking splunk (8.2.0) over (8.2.0) ...
Setting up splunk (8.2.0) ...
complete

0 Karma
Reply

vishaltv
Path Finder
‎12-25-2020 12:36 AM

++ Apologies, I missed to add a step ; reposting the same 
===========================================


I faced same issue while installing 8.1.1 in ubuntu. 

Setting up splunk (8.1.1) ...
cp: cannot stat '/opt/splunk/etc/regid.2001-12.com.splunk-Splunk-Enterprise.swidtag': No such file or directory
complete

And when I checked, I could see a folder /opt/splunk/swidtag/  and a file "splunk-Splunk-Enterprise-primary.swidtag"

I copied it to "/opt/splunk/etc/"  and  renamed it to "regid.2001-12.com.splunk-Splunk-Enterprise.swidtag'" 

Change Owner of the file :

 /opt/splunk/etc# chown splunk:splunk regid.2001-12.com.splunk-Splunk-Enterprise.swidtag

Install again and it Worked!!

sudo dpkg -i splunk-8.1.1-08187535c166-linux-2.6-amd64.deb
(Reading database ... 265846 files and directories currently installed.)
Preparing to unpack splunk-8.1.1-08187535c166-linux-2.6-amd64.deb ...
This looks like an upgrade of an existing Splunk Server. Attempting to stop the installed Splunk Server...
splunkd is not running.
Unpacking splunk (8.1.1) over (8.1.1) ...
Setting up splunk (8.1.1) ...
complete

Reply

vishaltv
Path Finder
‎12-25-2020 12:29 AM

I faced same issue while installing 8.1.1 in ubuntu. 

Setting up splunk (8.1.1) ...
cp: cannot stat '/opt/splunk/etc/regid.2001-12.com.splunk-Splunk-Enterprise.swidtag': No such file or directory
complete

And we I checked, I could see a folder /opt/splunk/swidtag/  and a file "splunk-Splunk-Enterprise-primary.swidtag"

I copied it to "/opt/splunk/etc/"  and  renamed it to "regid.2001-12.com.splunk-Splunk-Enterprise.swidtag'" 

 

Install again and it Worked!!

sudo dpkg -i splunk-8.1.1-08187535c166-linux-2.6-amd64.deb
(Reading database ... 265846 files and directories currently installed.)
Preparing to unpack splunk-8.1.1-08187535c166-linux-2.6-amd64.deb ...
This looks like an upgrade of an existing Splunk Server. Attempting to stop the installed Splunk Server...
splunkd is not running.
Unpacking splunk (8.1.1) over (8.1.1) ...
Setting up splunk (8.1.1) ...
complete

Reply

bilalbox
Engager
‎04-02-2021 07:07 PM

Thanks! This also worked for install Splunk version 8.1.3 on Ubuntu 18.04 running in Azure.

0 Karma
Reply

ITWhisperer
SplunkTrust
SplunkTrust
‎11-17-2020 10:56 AM

Check file ownership (root or splunk). Check the user splunk is executing as. Also, check whether file locking is supported by the OS.

0 Karma
Reply

mannyzepeda
Explorer
‎11-18-2020 01:22 PM

Had the same issue -- fit appears to be an issue with the debian package. I installed the older version 8.07 over the "newer" version and the issue is fixed

0 Karma
Reply
Get Updates on the Splunk Community!

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

Take a look below to explore our upcoming Community Office Hours, Tech Talks, and Webinars this month. This ...

They're back! Join the SplunkTrust and MVP at .conf24

With our highly anticipated annual conference, .conf, comes the fez-wearers you can trust! The SplunkTrust, as ...

Enterprise Security Content Update (ESCU) | New Releases

Last month, the Splunk Threat Research Team had two releases of new security content via the Enterprise ...