Deployment Architecture

Where is splunk installed on Linux?

vishal_bandavad
Explorer

I am trying to create a package for my app. I am using a linux server where splunk is installed. as i got the information from this portal, i open the directory /opt/splunk/etc/apps/framework and execute the command ./splunkdj package App_name. when i execute the command, it asks me Where is Splunk installed (version 5.0 or later is required)? []:

I am confused which path i should give here. I tried using the path $splunk_home$/bin , but no luck. Please suggest

Tags (3)
0 Karma

dkolekar_splunk
Splunk Employee
Splunk Employee

You need to to the Home path of the Splunk it is located in /opt/Splunk and you need to execute all the scripts in the /opt/splunk/bin ./splunk package name.
the home path is always referred to /opt/splunk or where ever the splunk is been installed.

0 Karma

pandaaji
New Member

not working

 

0 Karma

bandit
Motivator

This should identify locations of Splunk Enterprise or Splunk Universal Forwarders. I've only tested on Linux.

# using locate command (very fast if available)
locate --regex "splunk(forwarder)?/var/log/splunk/splunkd.log$" | awk -F "/var" '{print $1}'

# using find command
find / -type f -name "splunkd.log" 2>/dev/null | awk -F "/var" '{print $1}'

aljohnson_splun
Splunk Employee
Splunk Employee

Since you said you open /opt/splunk/etc/apps/framework, I assume the path you're looking for is just /opt/splunk. Normally $SPLUNK_HOME is set to the root splunk directory.

You could also try to do

echo $splunk_home

or

echo $SPLUNK_HOME

to see if those bash variables are acutally set (they are case sensitive).

skender27
Contributor

I resolved it this way (Debian OS):

ls -la
remove the .splunkhome file
run again ./splunkdj setup
insert /opt/splunk when asked where is installed Splunk.

Skender K.

0 Karma

somesoni2
Revered Legend

Go to path /opt/splunk/bin and then execute ./splunk package App_name OR simple just execute /opt/splunk/bin/splunk package App_name

vishal_bandavad
Explorer

Thanks , i tried with /opt/splunk , but i am getting the message that "/opt/splunk is directory , please give valid path" when i checked with echo $SPLUNK_HOME , i am getting blank response.

0 Karma

MuS
Legend

Try

/opt/splunk/bin/splunk envvars

To get $SPLUNK_HOME

Get Updates on the Splunk Community!

.conf24 | Day 0

Hello Splunk Community! My name is Chris, and I'm based in Canberra, Australia's capital, and I travelled for ...

Enhance Security Visibility with Splunk Enterprise Security 7.1 through Threat ...

 (view in My Videos)Struggling with alert fatigue, lack of context, and prioritization around security ...

Troubleshooting the OpenTelemetry Collector

  In this tech talk, you’ll learn how to troubleshoot the OpenTelemetry collector - from checking the ...