Splunk Enterprise

Installing Splunk 8.1.0 - Ubuntu 20.4 warning message

duncandka
Engager

Hi,

When installing Enterprise 8.1.0 on Ubuntu 20.4, I get the following message when unpacking:
cp: cannot stat '/opt/splunk/etc/regid.2001-12.com.splunk-Splunk-Enterprise.swidtag': No such file or directory
Whereas it is directly under /opt/splunk

Duncan

jeffh-cf
Engager

I just tried upgrading from Splunk Enterprise 8.1.3 to 8.2.0 on Ubuntu 20.04 and ran into the same issue, but it doesn't look like the upgrade failed.

sudo dpkg -i splunk-8.2.0-e053ef3c985f-linux-2.6-amd64.deb
(Reading database ... 176294 files and directories currently installed.)
Preparing to unpack splunk-8.2.0-e053ef3c985f-linux-2.6-amd64.deb ...
This looks like an upgrade of an existing Splunk Server. Attempting to stop the installed Splunk Server...
Stopping splunkd...
Shutting down. Please wait, as this may take a few minutes.

Stopping splunk helpers...

Done.
Unpacking splunk (8.2.0) over (8.1.3) ...
Setting up splunk (8.2.0) ...
cp: cannot stat '/opt/splunk/etc/regid.2001-12.com.splunk-Splunk-Enterprise.swidtag': No such file or directory
complete

Even though the upgrade didn't appear to fail, I followed the same advice:

cp splunk-Splunk-Enterprise-primary.swidtag /opt/splunk/etc/regid.2001-12.com.splunk-Splunk-Enterprise.swidtag

I ran the installation again, and it completed successfully:

sudo dpkg -i splunk-8.2.0-e053ef3c985f-linux-2.6-amd64.deb
(Reading database ... 180376 files and directories currently installed.)
Preparing to unpack splunk-8.2.0-e053ef3c985f-linux-2.6-amd64.deb ...
This looks like an upgrade of an existing Splunk Server. Attempting to stop the installed Splunk Server...
splunkd is not running.
Unpacking splunk (8.2.0) over (8.2.0) ...
Setting up splunk (8.2.0) ...
complete

0 Karma

vishaltv
Path Finder

++ Apologies, I missed adding a step; reposting the same
===========================================


I faced the same issue while installing 8.1.1 on Ubuntu.

Setting up splunk (8.1.1) ...
cp: cannot stat '/opt/splunk/etc/regid.2001-12.com.splunk-Splunk-Enterprise.swidtag': No such file or directory
complete

And when I checked, I could see a folder /opt/splunk/swidtag/ and a file "splunk-Splunk-Enterprise-primary.swidtag"

I copied it to "/opt/splunk/etc/" and renamed it to "regid.2001-12.com.splunk-Splunk-Enterprise.swidtag"

Change the owner of the file:

 /opt/splunk/etc# chown splunk:splunk regid.2001-12.com.splunk-Splunk-Enterprise.swidtag

Install again and it worked!!

sudo dpkg -i splunk-8.1.1-08187535c166-linux-2.6-amd64.deb
(Reading database ... 265846 files and directories currently installed.)
Preparing to unpack splunk-8.1.1-08187535c166-linux-2.6-amd64.deb ...
This looks like an upgrade of an existing Splunk Server. Attempting to stop the installed Splunk Server...
splunkd is not running.
Unpacking splunk (8.1.1) over (8.1.1) ...
Setting up splunk (8.1.1) ...
complete

vishaltv
Path Finder

I faced the same issue while installing 8.1.1 on Ubuntu.

Setting up splunk (8.1.1) ...
cp: cannot stat '/opt/splunk/etc/regid.2001-12.com.splunk-Splunk-Enterprise.swidtag': No such file or directory
complete

And when I checked, I could see a folder /opt/splunk/swidtag/ and a file "splunk-Splunk-Enterprise-primary.swidtag"

I copied it to "/opt/splunk/etc/" and renamed it to "regid.2001-12.com.splunk-Splunk-Enterprise.swidtag"

Install again and it worked!!

sudo dpkg -i splunk-8.1.1-08187535c166-linux-2.6-amd64.deb
(Reading database ... 265846 files and directories currently installed.)
Preparing to unpack splunk-8.1.1-08187535c166-linux-2.6-amd64.deb ...
This looks like an upgrade of an existing Splunk Server. Attempting to stop the installed Splunk Server...
splunkd is not running.
Unpacking splunk (8.1.1) over (8.1.1) ...
Setting up splunk (8.1.1) ...
complete

bilalbox
Engager

Thanks! This also worked for installing Splunk version 8.1.3 on Ubuntu 18.04 running in Azure.

0 Karma

ITWhisperer
SplunkTrust

Check file ownership (root or splunk). Check the user splunk is executing as. Also, check whether file locking is supported by the OS.

0 Karma

mannyzepeda
Explorer

Had the same issue -- it appears to be an issue with the Debian package. I installed the older version 8.07 over the "newer" version and the issue is fixed.

0 Karma