Installation

Cannot create Index

deepakc
Builder

Hi
(I'm new to splunk )

Environment: Splunk 7.1 / RHEL6.5

I have create my own log file for test purposes / learning (its like a syslog log) and I can see the data in splunk. But when I try to create an index for it I get the error below, does anyone know what could be causing this ?

ERROR MESSAGE:

Data could not be written: /nobody/search/indexes/testosboot/thawedPath: $SPLUNK_DB/testosboot/thaweddb

Rgdsalt text
Dee

0 Karma
1 Solution

nickhills
Ultra Champion

Does the path

/var/splunkdata/security 

exist and is it writable by the splunk user?

If my comment helps, please give it a thumbs up!

View solution in original post

0 Karma

deepakc
Builder

I should have rebooted after uninstalling version 7.0 and then perform a clean install of version 7.1

0 Karma

micahkemp
Champion

Cold and Thawed paths aren't pointing to /var/splunkdata/security, at least the screenshot doesn't indicate it is. Those paths still make use of $SPLUNK_DB, which isn't discernible from what was posted.

You may need to define cold and thawed path explicity, unless $SPLUNK_DB is set to something that makes sense (has sufficient space and is writeable by the splunk user).

0 Karma

deepakc
Builder

thanks for the pointers, by uninstalling it and reinstalling, then checking the permissions, its working now

0 Karma

nickhills
Ultra Champion

Does the path

/var/splunkdata/security 

exist and is it writable by the splunk user?

If my comment helps, please give it a thumbs up!
0 Karma

deepakc
Builder

thanks I did checked the permissions, and it was correct as I could write to the folder as the user , I uninstalled it all, rebooted, reinstalled 7.1 and after it was ok... (so I must have made a mistake somewhere and did have version 7.0 installed, which I uninstalled but did not reboot)

thanks for the pointers

Dee

0 Karma
Get Updates on the Splunk Community!

AppDynamics Summer Webinars

This summer, our mighty AppDynamics team is cooking up some delicious content on YouTube Live to satiate your ...

SOCin’ it to you at Splunk University

Splunk University is expanding its instructor-led learning portfolio with dedicated Security tracks at .conf25 ...

Credit Card Data Protection & PCI Compliance with Splunk Edge Processor

Organizations handling credit card transactions know that PCI DSS compliance is both critical and complex. The ...