Solved: Re: I broke my installation

Kenny_splunk

Hey guys,

so i was basically trying to set up Splunk to work with terminal (bad idea). ended up moving directories using the CLI and boom! doesn't work anymore, and i have no way to undo in the change via terminal.

i tried deleting and redownloading from Splunk but doesnt work. please tell me someone has an answer or a way to reset the directories for the version i once had 😞 i had so much data and apps to practice with.

P.S. even if there isnt a way to get my old version back, i still would like to know why its not working when i try to redownload a new instance.

Kenny_splunk

You guys are right, and my apologies. i was a bit excited to finally use the forum to test and see how fast the replies were. but i figured it out.

the issue was that in the mac terminal, i wrote: mv Splunk /opt/

and instead of moving "Splunk" to the directory, it just completely renamed "Splunk" to "opt" for some reason. i just changed the name back to Splunk and it was up and running.

View solution in original post

Kenny_splunk

You guys are right, and my apologies. i was a bit excited to finally use the forum to test and see how fast the replies were. but i figured it out.

the issue was that in the mac terminal, i wrote: mv Splunk /opt/

and instead of moving "Splunk" to the directory, it just completely renamed "Splunk" to "opt" for some reason. i just changed the name back to Splunk and it was up and running.

gcusello

Hi @Kenny_splunk ,

good for you, see next time!

let us know if we can help you more, or, please, accept one answer for the other people of Community.

Ciao and happy splunking

Giuseppe

P.S.: Karma Points are appreciated by all the contributors 😉

gcusello

hi @Kenny_splunk ,

I agree with @PickleRick , you should try to describe what you did to try to understand what happend.

Anyway, probably the issue is in the moved folders.

But if you deleted the installation, it's very difficoult to recover the installation, unless you can restore a backup.

Maybe (and I say maybe) Splunk Support can help you.

Anyway, to tra a last chance, you could try to move the indexes from the now position to a new safe one and then create a new fresh installation that should run.

Then you could stop Splunk and copy the saved indexes folders to the new position of $SPLUNK_DB (by default $SPLUNK_HOME/var/log/splunk), or change the value of $SPLUNK_DB pointing to the new position of indexes.

Then, at least, you should create all the stanzas of your indexes in one indexes.conf using exactly the same names of your indexes.

In this way it should run, let us know if you solved.

Ciao.

Giuseppe

PickleRick

Ok. You did something. And now your environment somehow doesn't work.

Not knowing that something and somehow (and not even knowing what version we're talking about; I can only assume we're talking Linux version) how are we supposed to know what's going on and how to fix it?

I broke my installation

CLI

Linux

Mac

Discover Powerful New Features in Splunk Cloud Platform: Enhanced Analytics, ...

Splunk Classroom Chronicles: Training Tales and Testimonials

Access Tokens Page - New & Improved