Archive
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forย 
Search instead forย 
Did you mean:ย 
Ask a Question
Solved! Jump to solution

Cannot create Index

deepakc
New Member
โ€Ž12-15-2017 05:54 AM

Hi
(I'm new to splunk )

Environment: Splunk 7.1 / RHEL6.5

I have create my own log file for test purposes / learning (its like a syslog log) and I can see the data in splunk. But when I try to create an index for it I get the error below, does anyone know what could be causing this ?

ERROR MESSAGE:

Data could not be written: /nobody/search/indexes/testosboot/thawedPath: $SPLUNK_DB/testosboot/thaweddb

Rgdsalt text
Dee

Preview file
1 KB
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

nickhillscpl
Ultra Champion
โ€Ž12-15-2017 06:06 AM

Does the path

/var/splunkdata/security

exist and is it writable by the splunk user?

View solution in original post

0 Karma
Reply
Solved! Jump to solution

deepakc
New Member
โ€Ž12-15-2017 08:02 AM

I should have rebooted after uninstalling version 7.0 and then perform a clean install of version 7.1

0 Karma
Reply
Solved! Jump to solution

micahkemp
Champion
โ€Ž12-15-2017 06:11 AM

Cold and Thawed paths aren't pointing to /var/splunkdata/security, at least the screenshot doesn't indicate it is. Those paths still make use of $SPLUNK_DB, which isn't discernible from what was posted.

You may need to define cold and thawed path explicity, unless $SPLUNK_DB is set to something that makes sense (has sufficient space and is writeable by the splunk user).

0 Karma
Reply
Solved! Jump to solution

deepakc
New Member
โ€Ž12-15-2017 08:00 AM

thanks for the pointers, by uninstalling it and reinstalling, then checking the permissions, its working now

0 Karma
Reply
Solved! Jump to solution
Solution

nickhillscpl
Ultra Champion
โ€Ž12-15-2017 06:06 AM

Does the path

/var/splunkdata/security

exist and is it writable by the splunk user?

View solution in original post

0 Karma
Reply
Solved! Jump to solution

deepakc
New Member
โ€Ž12-15-2017 07:57 AM

thanks I did checked the permissions, and it was correct as I could write to the folder as the user , I uninstalled it all, rebooted, reinstalled 7.1 and after it was ok... (so I must have made a mistake somewhere and did have version 7.0 installed, which I uninstalled but did not reboot)

thanks for the pointers

Dee

0 Karma
Reply
State of Splunk Careers

Access the Splunk Careers Report to see real data that shows how Splunk mastery increases your value and job satisfaction.

Find out what your skills are worth!