I am seeing this message when trying to use the OPSEC LEA app for Splunk -
ERROR ExecProcessor - message from "/opt/splunk/etc/apps/Splunk_TA_opseclea_linux22/bin/lea-loggrabber.sh --configentity CMA-008" Could not look up HOME variable. Auth tokens cannot be cached.
How might I workaround this?
One workaround that has worked for some customers is to manually create a SPLUNK_HOME environmental variable
$ export SPLUNK_HOME=/opt/splunk
verify
$ env
If edited in /etc/profiles, this change can persist across logins
One workaround that has worked for some customers is to manually create a SPLUNK_HOME environmental variable
$ export SPLUNK_HOME=/opt/splunk
verify
$ env
If edited in /etc/profiles, this change can persist across logins
It's not asking about SPLUNK_HOME, but rather $HOME, of the user splunk runs as.