The permission is not available for user to write on the specified cold bucket directories.
Error:
Error IndexConfig - In index 'apac_network' : Failed to create directory '/opt/apac_frozen/APAC_network' (Permission denied)
The issue is due to the frozen bucket is place in the /opt/xyz_frozen/ directory outside the /opt/splunk directory.
The splunk user does not have the permission to write to the /opt/xyz_frozen directory. Thus, not able to start the search head.
Creating the frozen directories for the frozen bucket and giving the permission to the user have resolved the issue.
mkdir -p /opt/xyz_frozen/XYZ_network
chown splunk_user:splunk_group /opt/xyz_frozen/XYZ_network
The issue is due to the frozen bucket is place in the /opt/xyz_frozen/ directory outside the /opt/splunk directory.
The splunk user does not have the permission to write to the /opt/xyz_frozen directory. Thus, not able to start the search head.
Creating the frozen directories for the frozen bucket and giving the permission to the user have resolved the issue.
mkdir -p /opt/xyz_frozen/XYZ_network
chown splunk_user:splunk_group /opt/xyz_frozen/XYZ_network