I know this is old but while setting up a lab to do some clustering I ran into this issue after making some of the "appropriate settings". To get around this for the sake of getting the lab stood up I just removed that part of the line in the:
splunk_dir/etc/system/local/web.conf (have to copy this from /default or you can hand type everything out)
for the privKeyPath and serverCert, I basically removed the $SPLUNK_HOME part so that it was just
etc/auth/splunkweb/privkey.pem
etc/auth/splunkweb/cert.pem
(running a cmaster, dserver and fwdr on one server, an indexer cluster on one server, and search heads on another)
Would I do this for a single install or enterprise installation - heck no. This is only for personal labbing.
In your case:
File causing error and where you should fix - /home/suk/opt/splunk/etc/system/default/web.conf
copy that to
/home/suk/opt/splunk/etc/system/local/
imagine in that web.conf file you have
privKeyPath = $SPLUNK_HOME/etc/auth/splunkweb/privkey.pe,
serverCert = $SPLUNK_HOME/etc/auth/splunkweb/cert.pem
you would want (if you are just trying to get it to work)
privKeyPath = etc/auth/splunkweb/privkey.pem
serverCert = etc/auth/splunkweb/cert.pem
Previous comment is right, you want to install in the /opt/splunk - for me I wanted to "mock up" the lab environment for cluster admin so...
... View more