Getting Data In

Why are we are getting the below error while installing the Enterprise Security App?

thahir
Path Finder

Hi Team,

 

We are getting the below error while installing the Enterprise security App 

 

failed to extract app from /tmp/ to /opt/splunk/var/run/splunk/bundle_tmp/  no such file or directory

 

 

Labels (1)
Tags (1)
0 Karma
1 Solution

thahir
Path Finder

Issue has been resolved, after re downloading the ES installation package.

View solution in original post

0 Karma

thahir
Path Finder

Hi @isoutamo ,

do you have a running and working Splunk Enterprise environment in use before you start installing that app?  yes we have active Splunk enterprise

Are you using e.g. splunk user (user which are running splunkd and own those files) and have admin rights? yes we do have

And have you check that in this filesystem is enough free space to install it? yes we have enough space

0 Karma

isoutamo
SplunkTrust
SplunkTrust

Can you check that you could access this directory  /opt/splunk/var/run/splunk/bundle_tmp/ (or at least it’s parent) as a cli use4 which you are using to install that app. Use like cd to this directory. Then check that user have also write access to this directory.

0 Karma

thahir
Path Finder

Hi @isoutamo ,

 

yes, I have access to write in the directory

 

0 Karma

isoutamo
SplunkTrust
SplunkTrust

Is the files/directory owned by user which you get when running this?

ps -C splunkd -o euser,ruser,suser,fuser,group,egroup,rgroup,sgroup,f,start,args,label

Have this user write access to this directory? Can you create a file and directory on this directory as this user? Please test it as there could be some issues on FS level and the file system could be a read only mode!

0 Karma

thahir
Path Finder

yes, its a splunk user and it has full access to the directory

0 Karma

isoutamo
SplunkTrust
SplunkTrust
0 Karma

thahir
Path Finder

Issue has been resolved, after re downloading the ES installation package.

0 Karma

isoutamo
SplunkTrust
SplunkTrust

Hi

do you have a running and working Splunk Enterprise environment in use before you start installing that app? 

Are you using e.g. splunk user (user which are running splunkd and own those files) and have admin rights?

And have you check that in this filesystem is enough free space to install it?

r. Ismo

0 Karma
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...