Deployment Architecture

Splunk 7.3.1 Windows apply shcluster-bundle -target https://xxxx:8089 -auth admin:password fails with Error moving tmp_staging_area


I am trying to push my first app through the search head deployer. this is a brand new Splunk 7.3.1 environment with 3 search heads, 1 search head deployer, an indexer cluster with 2 indexers and a master. I was able to create new indexes, replicate them and get data into them via forwarders.
Now i am trying to push an app that i had from an older Splunk installation (6.0)
I have copied the app folder to C:\program Files\Splunk\etc\cshcluster\apps\
when i do apply shcluster-bundle i get this error
Error while creating deployable apps: Error moving tmp_staging_area="C:\Program Files\Splunk\var\run\splunk\deploy.b94554b735abfbef.tmp" to dst="C:\Program Files\Splunk\var\run\splunk\deploy": Access is denied.
I tried giving Everyone full permission on the var\run\splunk folder
The deploy folder isnt there. if i try to create manually, as soon i run the above command the deploy folder gets deleted.
i see some session files gets created

Not able to figure out what the problem is? Any help is greatly appreciated.

0 Karma
Get Updates on the Splunk Community!

Introducing Edge Processor: Next Gen Data Transformation

We get it - not only can it take a lot of time, money and resources to get data into Splunk, but it also takes ...

Take the 2021 Splunk Career Survey for $50 in Amazon Cash

Help us learn about how Splunk has impacted your career by taking the 2021 Splunk Career Survey. Last year’s ...

Using Machine Learning for Hunting Security Threats

WATCH NOW Seeing the exponential hike in global cyber threat spectrum, organizations are now striving more for ...