Solved: Re: Why am I getting "homePath='/opt/splunk/var/li... - Page 3

ayushchoudhary · ‎09-10-2015

I got this error while starting Splunk on the indexer.

homePath='/opt/splunk/var/lib/splunk/audit/db' of index=_audit on unusable filesystem. Validating databases (splunkd validatedb) failed with code '1'.

Please help urgently.

naisanza · ‎04-25-2016

You'll want to append the following configuration option to $SPLUNK_HOME/etc/splunk-launch.conf:

OPTIMISTIC_ABOUT_FILE_LOCKING = 1

Note from malmoore (Splunk): As of 28 March 2018, this workaround has been officially documented in the Troubleshooting Manual. See Splunk Enterprise does not start due to unusable filesystem in the manual for the procedure.

The caveats for using this workaround still apply. Proceed with caution, and at your own risk. Irrevocable data loss can still occur. We have already had one report in this thread of problems that have occurred after enabling this setting.

Key points (as of 24 April 2018)

There is still no support for macOS 10.13 High Sierra on Splunk Enterprise version 7.0.
There is work scheduled to fix the problem for macOS 10.13 on Splunk Enterprise 7.0 and reinstate support, but there is no promise of delivery of this functionality.
There is support for macOS 10.13 High Sierra on APFS on Splunk Enterprise version 7.1.

View solution in original post

zakxu8 · ‎10-19-2017

guys, anyone can help me. i have problem with my splunk cannot run since i have upgrade my mac os sierra to mac os high sierra 10.13

there are message :

Traceback (most recent call last):
File "/Users/zakaria/Documents/splunk-old/lib/python2.7/site-packages/splunk/clilib/cli.py", line 17, in
import splunk.clilib.cli_common as comm
File "/Users/zakaria/Documents/splunk-old/lib/python2.7/site-packages/splunk/clilib/cli_common.py", line 10, in
from xml.sax import saxutils
File "/Users/zakaria/Documents/splunk-old/lib/python2.7/xml/sax/saxutils.py", line 6, in
import os, urlparse, urllib, types
File "/Users/zakaria/Documents/splunk-old/lib/python2.7/urllib.py", line 1440, in
from _scproxy import _get_proxy_settings, _get_proxies
ImportError: dlopen(/Users/zakaria/Documents/splunk-old/lib/python2.7/lib-dynload/_scproxy.so, 2): Symbol not found: _inflateValidate
Referenced from: /System/Library/Frameworks/ImageIO.framework/Versions/A/Resources/libPng.dylib
Expected in: /Users/zakaria/Documents/splunk-old/lib/libz.1.dylib
in /System/Library/Frameworks/ImageIO.framework/Versions/A/Resources/libPng.dylib

i have add to my splunk-launch.cof OPTIMISTIC_ABOUT_FILE_LOCKING = 1
but still doesn't work. anyone can hel me? thanks

Sp1unkin_it · ‎09-28-2017

Thank you for this.

I ran into the same error this morning when I was installing Splunk 7.0 on Mac OS High Sierra.

This resolved the issue.

Splunkin' it!

starcher · ‎09-26-2017

This works again to get started on OSX High Sierra

Jason_S · ‎09-26-2017

The 'OPTIMISTIC_ABOUT_FILE_LOCKING = 1' appears to only be needed for OSX High Sierra running off a APFS volume. My High Sierra system running off a Mac OS Extended volume did not need this setting.

starcher · ‎09-29-2017

Yeah it is the file system type being the problem.

hardikJsheth · ‎10-04-2017

I had the same problem after upgrading to Splunk 7.0 on my mac. After I added OPTIMISTIC_ABOUT_FILE_LOCKING = 1, I was able to start the splunk.

yannK · ‎03-11-2017

This is fixed in splunk 6.5.*, the problem was for MACOS Sierra filesystem check.
For older versions you could use the workaround above, or upgrade.

Jason_S · ‎09-28-2017

yannK: I had this issue using Splunk 7.0.0 on High Sierra using APFS and have filed a support case requesting APFS support.

aharkare · ‎11-02-2017

After adding OPTIMISTIC_ABOUT_FILE_LOCKING = 1 to splunk-launch.conf file it worked for Mac OS High Sierra Version 10.13.1 (17B48). Thank you so much for the suggestion!

Rocky31 · ‎12-03-2017

Hi where did you added this line OPTIMISTIC_ABOUT_FILE_LOCKING = 1

This is my splunk-launch.conf

#   Version 7.0.1

# Modify the following line to suit the location of your Splunk install.
# If unset, Splunk will use the parent of the directory containing the splunk
# CLI executable.
#
# SPLUNK_HOME=/opt/build/splunk-home

# By default, Splunk stores its indexes under SPLUNK_HOME in the
# var/lib/splunk subdirectory.  This can be overridden
# here:
#
# SPLUNK_DB=/opt/build/splunk-home/var/lib/splunk
# Splunkd daemon name
SPLUNK_SERVER_NAME=Splunkd

# Splunkweb daemon name
SPLUNK_WEB_NAME=splunkweb

# If SPLUNK_OS_USER is set, then Splunk service will only start
# if the 'splunk [re]start [splunkd]' command is invoked by a user who
# is, or can effectively become via setuid(2), $SPLUNK_OS_USER.
# (This setting can be specified as username or as UID.)
#
# SPLUNK_OS_USER

sloshburch · ‎12-04-2017

Location shouldn't matter. So long as it's not commented out (with the hash #). So feel free to just add it to the end with the necessary comments about why you included it for your own benefit in the future.

Rocky31 · ‎12-03-2017

i fixed it thank you

ff_rumali · ‎11-22-2016

The comment from Dimitri mentioning Sierra triggered me to try this configuration option. It worked for me on my recently upgraded MacBook.

heynash · ‎08-16-2016

This was spot on for me. Great advice, thanks.

Rocky31 · ‎12-03-2017

i have the same issue, i don't the line in splunk-launch.conf
is it i need to add the line in .conf file

Rocky31 · ‎12-03-2017

i fixed it thank you

Why am I getting "homePath='/opt/splunk/var/lib/splunk/audit/db' of index=_audit on unusable filesystem." while starting Splunk on an indexer?

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics!

New in Observability Cloud - Explicit Bucket Histograms