Re: Cannot create parent directory /opt/Splunkforw...

mottycruz · ‎01-17-2022

Hello, I need assistance with Splunkforwarder it Cannot create parent directory /opt/Splunkforward/etc/apps/scBaseline_LinuxVarLog. I installed this forwarder as root but server couldn't deployed the apps such as scBaseline_LinuxVarLog, so I decided to installed it under its own users splunk, but now it doesn't have the permissions to create directory here: /opt/Splunkforward/etc/apps/scBaseline_LinuxVarLog

I changed the permissions as chown -R splunk:splunk /opt/Splunkforward/etc/apps/scBaseline_LinuxVarLog it works momentarily but it change the permissions to root:root again.

Universal Splunkforwarder 8.1 - on Linux machine

Your assistance is appreciated it.

richgalloway · ‎01-18-2022

Are you sure Splunk is running as splunk? It sounds like it's still running as root. How are you starting Splunk and what user are you signed in as at the time?

---
If this reply helps you, Karma would be appreciated.

mottycruz · ‎01-20-2022

after much troubleshooting I deleted /opt/splunkforwarder re-installed UF and things started working again.

Thanks for your support

Cannot create parent directory /opt/Splunkforward/etc/apps/scBaseline_LinuxVarLog

app

Linux

universal forwarder

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

New Release | Splunk Cloud Platform 10.1.2507

🌟 From Audit Chaos to Clarity: Welcoming Audit Trail v2

Are you a member of the Splunk Community?