Installation

Having trouble opening Splunk after install on macOS

brentrmc
Explorer

I downloaded .dmg file for Splunk Enterprise 7.2.6 on MacOS Mojave and followed the installation steps, but can't seem to open Splunk. I got the message that the installation was successful, but don't understand the problem.

Here's the message I receive when I try to open Splunk:

292:293: syntax error: Expected “"” but found unknown token. (-2741)
ERROR: Failed in Main operations dialog: 360:361: syntax error: Expected “"” but found unknown token. (-2741). (1)

Labels (1)
0 Karma
1 Solution

splunk_sv
Path Finder

Try to start Splunk using command line(terminal),

Use the following command to start Splunk from terminal,

/Applications/Splunk/bin/splunk start

Once it completes it provides a URL to access Splunk, sample output of the command is given below,

root:~$ /Applications/Splunk/bin/splunk start

Splunk> Finding your faults, just like mom.

Checking prerequisites...
    Checking http port [8000]: open
    Checking mgmt port [8089]: open
    Checking appserver port [127.0.0.1:8065]: open
    Checking kvstore port [8191]: open
    Checking configuration...  Done.
    Checking critical directories...    Done
    Checking indexes...
        Validated: _audit _internal _introspection _telemetry _thefishbucket history main service_stats summary
    Done
    Checking filesystem compatibility...  Done
    Checking conf files for problems...
    Done
    Checking default conf files for edits...
    Validating installed files against hashes from '/Applications/Splunk/splunk-7.1.2-a0c72a66db66-darwin-64-manifest'
    All installed files intact.
    Done
All preliminary checks passed.

Starting splunk server daemon (splunkd)...  
Done


Waiting for web server at http://127.0.0.1:8000 to be available..... Done


If you get stuck, we're here to help.  
Look for answers here: http://docs.splunk.com

The Splunk web interface is at http://127.0.0.1:8000

And to check the status use the following command,

/Applications/Splunk/bin/splunk status

And to stop Splunk, use the following command,

/Applications/Splunk/bin/splunk stop

Hope it helps!

View solution in original post

0 Karma

woodcock
Esteemed Legend

I never use dmg or rpm; I always download the tgz and use that. Get the tgz for darwin and use that. It will be cake.

0 Karma

splunk_sv
Path Finder

Try to start Splunk using command line(terminal),

Use the following command to start Splunk from terminal,

/Applications/Splunk/bin/splunk start

Once it completes it provides a URL to access Splunk, sample output of the command is given below,

root:~$ /Applications/Splunk/bin/splunk start

Splunk> Finding your faults, just like mom.

Checking prerequisites...
    Checking http port [8000]: open
    Checking mgmt port [8089]: open
    Checking appserver port [127.0.0.1:8065]: open
    Checking kvstore port [8191]: open
    Checking configuration...  Done.
    Checking critical directories...    Done
    Checking indexes...
        Validated: _audit _internal _introspection _telemetry _thefishbucket history main service_stats summary
    Done
    Checking filesystem compatibility...  Done
    Checking conf files for problems...
    Done
    Checking default conf files for edits...
    Validating installed files against hashes from '/Applications/Splunk/splunk-7.1.2-a0c72a66db66-darwin-64-manifest'
    All installed files intact.
    Done
All preliminary checks passed.

Starting splunk server daemon (splunkd)...  
Done


Waiting for web server at http://127.0.0.1:8000 to be available..... Done


If you get stuck, we're here to help.  
Look for answers here: http://docs.splunk.com

The Splunk web interface is at http://127.0.0.1:8000

And to check the status use the following command,

/Applications/Splunk/bin/splunk status

And to stop Splunk, use the following command,

/Applications/Splunk/bin/splunk stop

Hope it helps!

0 Karma

brentrmc
Explorer

This answered my question. Thank you!

nvanderwalt_spl
Splunk Employee
Splunk Employee

Splunk runs as a service on your machine, and you have to use a browser to access it (for the most part).

Make sure to install it following these steps:
https://docs.splunk.com/Documentation/Splunk/7.2.4/Installation/InstallonMacOS

And start it using these steps:
https://docs.splunk.com/Documentation/Splunk/7.2.4/Installation/StartSplunkforthefirsttime

Cheers,
Nico

0 Karma
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...