Cannot create parent directory /opt/Splunkforward/...

mottycruz · ‎01-17-2022

Hello, I need assistance with Splunkforwarder it Cannot create parent directory /opt/Splunkforward/etc/apps/scBaseline_LinuxVarLog. I installed this forwarder as root but server couldn't deployed the apps such as scBaseline_LinuxVarLog, so I decided to installed it under its own users splunk, but now it doesn't have the permissions to create directory here: /opt/Splunkforward/etc/apps/scBaseline_LinuxVarLog

I changed the permissions as chown -R splunk:splunk /opt/Splunkforward/etc/apps/scBaseline_LinuxVarLog it works momentarily but it change the permissions to root:root again.

Universal Splunkforwarder 8.1 - on Linux machine

Your assistance is appreciated it.

richgalloway · ‎01-18-2022

Are you sure Splunk is running as splunk? It sounds like it's still running as root. How are you starting Splunk and what user are you signed in as at the time?

---
If this reply helps you, Karma would be appreciated.

mottycruz · ‎01-20-2022

after much troubleshooting I deleted /opt/splunkforwarder re-installed UF and things started working again.

Thanks for your support

Cannot create parent directory /opt/Splunkforward/etc/apps/scBaseline_LinuxVarLog

app

Linux

universal forwarder

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

What Is the Name of the USB Key Inserted by Bob Smith? (BOTS Hint, Not the Answer)

Automating Threat Operations and Threat Hunting with Recorded Future

Join the Conversation