Installation
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Cannot create Index

deepakc
Builder
‎12-15-2017 05:54 AM

Hi
(I'm new to splunk )

Environment: Splunk 7.1 / RHEL6.5

I have create my own log file for test purposes / learning (its like a syslog log) and I can see the data in splunk. But when I try to create an index for it I get the error below, does anyone know what could be causing this ?

ERROR MESSAGE:

Data could not be written: /nobody/search/indexes/testosboot/thawedPath: $SPLUNK_DB/testosboot/thaweddb

Rgdsalt text
Dee

error.jpg
Preview file
131 KB
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

nickhills
Ultra Champion
‎12-15-2017 06:06 AM

Does the path

/var/splunkdata/security

exist and is it writable by the splunk user?

If my comment helps, please give it a thumbs up!

View solution in original post

0 Karma
Reply
Solved! Jump to solution

deepakc
Builder
‎12-15-2017 08:02 AM

I should have rebooted after uninstalling version 7.0 and then perform a clean install of version 7.1

0 Karma
Reply
Solved! Jump to solution

micahkemp
Champion
‎12-15-2017 06:11 AM

Cold and Thawed paths aren't pointing to /var/splunkdata/security, at least the screenshot doesn't indicate it is. Those paths still make use of $SPLUNK_DB, which isn't discernible from what was posted.

You may need to define cold and thawed path explicity, unless $SPLUNK_DB is set to something that makes sense (has sufficient space and is writeable by the splunk user).

0 Karma
Reply
Solved! Jump to solution

deepakc
Builder
‎12-15-2017 08:00 AM

thanks for the pointers, by uninstalling it and reinstalling, then checking the permissions, its working now

0 Karma
Reply
Solved! Jump to solution
Solution

nickhills
Ultra Champion
‎12-15-2017 06:06 AM

Does the path

/var/splunkdata/security

exist and is it writable by the splunk user?

If my comment helps, please give it a thumbs up!
0 Karma
Reply
Solved! Jump to solution

deepakc
Builder
‎12-15-2017 07:57 AM

thanks I did checked the permissions, and it was correct as I could write to the folder as the user , I uninstalled it all, rebooted, reinstalled 7.1 and after it was ok... (so I must have made a mistake somewhere and did have version 7.0 installed, which I uninstalled but did not reboot)

thanks for the pointers

Dee

0 Karma
Reply
Register for .conf25!
Get Updates on the Splunk Community!

AppDynamics Summer Webinars

This summer, our mighty AppDynamics team is cooking up some delicious content on YouTube Live to satiate your ...

SOCin’ it to you at Splunk University

Splunk University is expanding its instructor-led learning portfolio with dedicated Security tracks at .conf25 ...

Credit Card Data Protection & PCI Compliance with Splunk Edge Processor

Organizations handling credit card transactions know that PCI DSS compliance is both critical and complex. The ...
Top