All Apps and Add-ons

OPSEC LEA - Cannot look up HOME variable

lagnone_splunk
Splunk Employee
Splunk Employee

I am seeing this message when trying to use the OPSEC LEA app for Splunk -

ERROR ExecProcessor - message from "/opt/splunk/etc/apps/Splunk_TA_opseclea_linux22/bin/lea-loggrabber.sh --configentity CMA-008" Could not look up HOME variable. Auth tokens cannot be cached.

How might I workaround this?

1 Solution

lagnone_splunk
Splunk Employee
Splunk Employee

One workaround that has worked for some customers is to manually create a SPLUNK_HOME environmental variable

$ export SPLUNK_HOME=/opt/splunk
verify
$ env

If edited in /etc/profiles, this change can persist across logins

View solution in original post

lagnone_splunk
Splunk Employee
Splunk Employee

One workaround that has worked for some customers is to manually create a SPLUNK_HOME environmental variable

$ export SPLUNK_HOME=/opt/splunk
verify
$ env

If edited in /etc/profiles, this change can persist across logins

mikelanghorst
Motivator

It's not asking about SPLUNK_HOME, but rather $HOME, of the user splunk runs as.

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...