Installation

I tried to install Splunk in my personal laptop, is not running need help to fix it very emergency (High Sierra)

Rocky31
Path Finder

Checking prerequisites...
Checking http port [8000]: open
Checking mgmt port [8089]: open
Checking appserver port [127.0.0.1:8065]: open
Checking kvstore port [8191]: open
Checking configuration... Done.
Creating: /Applications/splunk/var/lib/splunk
Creating: /Applications/splunk/var/run/splunk
Creating: /Applications/splunk/var/run/splunk/appserver/i18n
Creating: /Applications/splunk/var/run/splunk/appserver/modules/static/css
Creating: /Applications/splunk/var/run/splunk/upload
Creating: /Applications/splunk/var/spool/splunk
Creating: /Applications/splunk/var/spool/dirmoncache
Creating: /Applications/splunk/var/lib/splunk/authDb
Creating: /Applications/splunk/var/lib/splunk/hashDb
New certs have been generated in '/Applications/splunk/etc/auth'.
Checking critical directories... Done
Checking indexes...
homePath='/Applications/splunk/var/lib/splunk/audit/db' of index=_audit on unusable filesystem.
Validating databases (splunkd validatedb) failed with code '1'. If you cannot resolve the issue(s) above after consulting documentation, please file a case online at http://www.splunk.com/page/submit_issue
rockys-MacBook-Pro:bin rocky$ ./splunk status
splunkd is not running.

Tags (1)
0 Karma
1 Solution

nickhills
Ultra Champion

If I recall. (i have seen this before on answers) its because of the new APFS file system on High Sierra.

[Edit: Here is the original answer: https://answers.splunk.com/answers/306998/why-am-i-getting-homepathoptsplunkvarlibsplunkaudi.html ]

Add the following line to $SPLUNK_HOME/etc/splunk-launch.conf

 OPTIMISTIC_ABOUT_FILE_LOCKING = 1
If my comment helps, please give it a thumbs up!

View solution in original post

nickhills
Ultra Champion

If I recall. (i have seen this before on answers) its because of the new APFS file system on High Sierra.

[Edit: Here is the original answer: https://answers.splunk.com/answers/306998/why-am-i-getting-homepathoptsplunkvarlibsplunkaudi.html ]

Add the following line to $SPLUNK_HOME/etc/splunk-launch.conf

 OPTIMISTIC_ABOUT_FILE_LOCKING = 1
If my comment helps, please give it a thumbs up!

Rocky31
Path Finder

Yeah I fixed it, I did the same. thank you.

0 Karma

lejeuneyardsell
Engager

This fixed the issue for me. I'm running macOS High Sierra version 10.13.3 (17D47)

I did a $ vi /Applications/Splunk/etc/splunk-launch.conf

then inserted the line OPTIMISTIC_ABOUT_FILE_LOCKING = 1

Relaunched Splunk and it worked

0 Karma

cpetterborg
SplunkTrust
SplunkTrust

The problem seems to be with the file system where /Applications/splunk/var/lib/splunk/audit/d will reside.

How much free space do you have on that filesystem? Is it an HFS filesystem? Is there anything else odd about that filesystem? Run:

splunkd validatedb

and see if you get any additional information.

0 Karma
Get Updates on the Splunk Community!

Observability Highlights | January 2023 Newsletter

 January 2023New Product Releases Splunk Network Explorer for Infrastructure MonitoringSplunk unveils Network ...

Security Highlights | January 2023 Newsletter

January 2023 Splunk Security Essentials (SSE) 3.7.0 ReleaseThe free Splunk Security Essentials (SSE) 3.7.0 app ...

Platform Highlights | January 2023 Newsletter

 January 2023Peace on Earth and Peace of Mind With Business ResilienceAll organizations can start the new year ...