I am trying to determine why I am seeing the following error upon reloading the deployment server:
" An error occurred: Could not create Splunk settings directory at '/root/.splunk' "
I think my permissions are correct, but I'm not sure Splunk should be able to write to /root. I was able to find a .splunk hidden file, but it is in my service account's home directory. I am not finding a lot of documentation on the "Splunk settings directory" and how to designate where to place the file - my thought is that this SHOULD be in the home directory rather than root.
I've considered creating a .splunk folder in root owned by my service account but wasn't sure what the far reaching consequences might be.
Little more info on my setup:
- Using RHEL 6.5 and 6.7
- Splunk 6.3 (fresh install, not upgraded)
- My service account running Splunk has admin privileges
- My service account owns the Splunk directory
- I use the same service account (sudo su) to reload the deploy-server when I receive the error
- My service account's Home directory is /home/accoutname
I did see similar trouble reported, but none answering the question of how to configure a different location for the Splunk settings directory:
https://answers.splunk.com/answers/211892/could-not-create-splunk-settings-directory-at-root.html
https://answers.splunk.com/answers/323198/command-for-reloading-the-deployment-server-with-s.html
