Solved: Re: Splunk server failing to start due to no permi...

rsantoso_splunk · ‎06-16-2019

The permission is not available for user to write on the specified cold bucket directories.

Error:
Error IndexConfig - In index 'apac_network' : Failed to create directory '/opt/apac_frozen/APAC_network' (Permission denied)

rsantoso_splunk · ‎06-16-2019

The issue is due to the frozen bucket is place in the /opt/xyz_frozen/ directory outside the /opt/splunk directory.
The splunk user does not have the permission to write to the /opt/xyz_frozen directory. Thus, not able to start the search head.

Creating the frozen directories for the frozen bucket and giving the permission to the user have resolved the issue.

mkdir -p /opt/xyz_frozen/XYZ_network

chown splunk_user:splunk_group /opt/xyz_frozen/XYZ_network

View solution in original post

rsantoso_splunk · ‎06-16-2019

The issue is due to the frozen bucket is place in the /opt/xyz_frozen/ directory outside the /opt/splunk directory.
The splunk user does not have the permission to write to the /opt/xyz_frozen directory. Thus, not able to start the search head.

Creating the frozen directories for the frozen bucket and giving the permission to the user have resolved the issue.

mkdir -p /opt/xyz_frozen/XYZ_network

chown splunk_user:splunk_group /opt/xyz_frozen/XYZ_network

Splunk server failing to start due to no permission cold bucket

Fun with Regular Expression - multiples of nine

[Live Demo] Watch SOC transformation in action with the reimagined Splunk Enterprise ...

What’s New & Next in Splunk SOAR

Are you a member of the Splunk Community?

Splunk server failing to start due to no permission cold bucket

Fun with Regular Expression - multiples of nine

[Live Demo] Watch SOC transformation in action with the reimagined Splunk Enterprise ...

What’s New & Next in Splunk SOAR