All Apps and Add-ons
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

ERROR CMSlave - failed on move bundle to slave apps err=failed to remove (Permission denied)

mcronkrite
Splunk Employee
Splunk Employee
‎03-15-2014 06:50 PM

ERROR CMSlave - failed on move bundle=<$SPLUNK_HOME$> /splunk/var/run/splunk/cluster/remote-bundle/######-##### to slave apps err=failed to remove dir=<$SPLUNK_HOME$>/splunk/etc/slave-apps.old (Permission denied)

Check what user splunkD process running, is no longer able to manage these folders. Cluster master, and Indexers both need be running with sufficient permissions. Check the permissions on the /splunk/var/run and /splunk/etc/ are readable and writable by the user that splunkd is running as. Find the discrepancy, stop splunk service, and chown recursively the inconsistent directories, restart splunk. If the problem persists, look for another process like a cron job or patch cycle that is resetting permissions.

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

mcronkrite
Splunk Employee
Splunk Employee
‎03-15-2014 06:51 PM

Check what user splunkD process running, is no longer able to manage these folders. Cluster master, and Indexers both need be running with sufficient permissions. Check the permissions on the /splunk/var/run and /splunk/etc/ are readable and writable by the user that splunkd is running as. Find the discrepancy, stop splunk service, and chown recursively the inconsistent directories, restart splunk. If the problem persists, look for another process like a cron job or patch cycle that is resetting permissions.

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

mcronkrite
Splunk Employee
Splunk Employee
‎03-15-2014 06:51 PM

Check what user splunkD process running, is no longer able to manage these folders. Cluster master, and Indexers both need be running with sufficient permissions. Check the permissions on the /splunk/var/run and /splunk/etc/ are readable and writable by the user that splunkd is running as. Find the discrepancy, stop splunk service, and chown recursively the inconsistent directories, restart splunk. If the problem persists, look for another process like a cron job or patch cycle that is resetting permissions.

0 Karma
Reply
Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Reprocessing XML into Fixed-Length Events

This challenge was first posted on Slack #puzzles channelFor a previous puzzle, I needed a set of fixed-length ...

Data Management Digest – December 2025

Welcome to the December edition of Data Management Digest! As we continue our journey of data innovation, the ...

Index This | What is broken 80% of the time by February?

December 2025 Edition   Hayyy Splunk Education Enthusiasts and the Eternally Curious!    We’re back with this ...