Solved: Re: Splunk server failing to start due to no permi...

rsantoso_splunk · ‎06-16-2019

The permission is not available for user to write on the specified cold bucket directories.

Error:
Error IndexConfig - In index 'apac_network' : Failed to create directory '/opt/apac_frozen/APAC_network' (Permission denied)

rsantoso_splunk · ‎06-16-2019

The issue is due to the frozen bucket is place in the /opt/xyz_frozen/ directory outside the /opt/splunk directory.
The splunk user does not have the permission to write to the /opt/xyz_frozen directory. Thus, not able to start the search head.

Creating the frozen directories for the frozen bucket and giving the permission to the user have resolved the issue.

mkdir -p /opt/xyz_frozen/XYZ_network

chown splunk_user:splunk_group /opt/xyz_frozen/XYZ_network

View solution in original post

rsantoso_splunk · ‎06-16-2019

The issue is due to the frozen bucket is place in the /opt/xyz_frozen/ directory outside the /opt/splunk directory.
The splunk user does not have the permission to write to the /opt/xyz_frozen directory. Thus, not able to start the search head.

Creating the frozen directories for the frozen bucket and giving the permission to the user have resolved the issue.

mkdir -p /opt/xyz_frozen/XYZ_network

chown splunk_user:splunk_group /opt/xyz_frozen/XYZ_network

Splunk server failing to start due to no permission cold bucket

Built-in Service Level Objectives Management to Bridge the Gap Between Service & ...

Get Your Exclusive Splunk Certified Cybersecurity Defense Engineer at Splunk .conf24 ...

Share Your Ideas & Meet the Lantern team at .Conf! Plus All of This Month’s New ...