- Splunk Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- Re: error loading shared libraries running as non ...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I am trying to run splunk as a non-root user, but every time i start splunk I get the error "splunkd: error while loading shared libraries: libxslt.so.1: cannot open shared object file: No such file or directory"
I have created a user and group named "splunk" to run the server as. I have given it rights to read/write /opt/splunk. Even if I do:
$ sudo -u splunk bash
bash$ source /opt/splunk/bin/setSplunkEnv
bash$ /opt/splunk/bin/splunk start
I still get that error. As long as i set the $SPLUNK_HOME using setSplunkEnv, ldd correctly finds all the libraries on the system or in the /opt/splunk/lib/ directory.
It does work fine when I start it as root.
To make things more complicated, my sysadmins tell me that having /opt/splunk/lib in /etc/ld.so.conf breaks their Red Hat Network update stuff so they removed it. So, I tried the following before starting splunk:
export LD_LIBRARY_PATH=/opt/splunk/lib
which also results in ldd finding all the libraries, but I still get the error when starting splunkd.
$ sudo -u splunk bash
bash$ export LD_LIBRARY_PATH=/opt/splunk/lib
bash$ source /opt/splunk/bin/setSplunkEnv
bash$ /opt/splunk/bin/splunk start
Splunk> All batbelt. No tights.
Checking Prerequisites...
Checking http port [8000]: open
Checking mgmt port [8089]: open
Checking configuration... Done.
Checking index directory... Done.
Checking databases...
Validated databases: _audit, _blocksignature, _internal, _thefishbucket, history, main, sample, summary, test
Checking for SELinux
All Preliminary checks passed.
splunkd: error while loading shared libraries: libxslt.so.1: cannot open shared object file: No such file or directory
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
You shouldn't need to do any of this stuff, much less mess with the system /etc/ld.so.conf. What I would do is:
- Make sure that the ownership of the entire /opt/splunk hierarchy is owned by the running user (use
chown -R) - re-extract/re-install the Splunk files (say, using
tar -xf). It's possible that some files weren't extracted correctly.
There's not really very much more to it.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
You shouldn't need to do any of this stuff, much less mess with the system /etc/ld.so.conf. What I would do is:
- Make sure that the ownership of the entire /opt/splunk hierarchy is owned by the running user (use
chown -R) - re-extract/re-install the Splunk files (say, using
tar -xf). It's possible that some files weren't extracted correctly.
There's not really very much more to it.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I had a sysadmin reinstall splunk and then upgrade it to 4.2 and it seems to be working fine, so I guess that must have been the issue. Thanks.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
chown -R splunk:splunk was run on /opt/splunk and everything is owned by the running user. I'll have the sysadmins reinstall the rpm and see if that makes a difference
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Oh, and if its helpful to anyone, the OS is RHEL6 x86_64
Adoption of RUM and APM at Splunk
Routing logs with Splunk OTel Collector for Kubernetes
Welcome to the Splunk Community!
