Installation
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Install Splunk 10.2 on Debian 12

Splunk117
New Member
‎02-25-2026 12:48 AM

while installing Splunk first time im having Licensge agreement and creater user prompt but after writing RSA Key he says this and stops installation (or well does not do any more info).

 

Copying '/opt/splunk/etc/openldap/ldap.conf.default' to '/opt/splunk/etc/openldap/ldap.conf'.
writing RSA key

writing RSA key

Moving '/opt/splunk/share/splunk/search_mrsparkle/modules.new' to '/opt/splunk/share/splunk/search_mrsparkle/modules'.
A systemd unit file already exists at path="/etc/systemd/system/Splunkd.service". To add a Splunk generated systemd un                                it file, run 'splunk disable boot-start' before running this command. If there are custom settings that have been adde                                d to the unit file, create a backup copy first.

 


splunkd service is apparently running but I cant acces the GUI.

 

Splunkd.service                                                                    loaded    active   running Systemd service file for Splunk


Firewall is disabled so should not be any problem there.

Labels (2)
Labels
0 Karma
Reply

Splunk117
New Member
‎02-25-2026 05:53 AM

splunk is listening after checking commands:

COMMAND    PID   USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
splunkd 153622 splunk  188u  IPv4 649151      0t0  TCP *:8000 (LISTEN)



logs file has a lot of errors:

very often periodic in the endvery often periodic in the endbeginning where it switches to the other picturebeginning where it switches to the other picture

0 Karma
Reply

Splunk117
New Member
‎02-25-2026 01:59 AM

Splunk is listening:

COMMAND    PID   USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
splunkd 153622 splunk  188u  IPv4 649151      0t0  TCP *:8000 (LISTEN)

 

its basicly just a repeating of this:

 

02-25-2026 09:25:24.417 +0100 ERROR pipeline [99266 indexerPipe] - Uncaught exception in pipeline execution (indexer) - getting next event
02-25-2026 09:25:24.417 +0100 ERROR HotDBManager [99266 indexerPipe] - Unable to create directory /opt/splunk/var/lib/splunk/audit/db/hot_v1_353 because No such file or directory
02-25-2026 09:25:24.417 +0100 ERROR HotDBManager [99266 indexerPipe] - Unable to create directory /opt/splunk/var/lib/splunk/audit/db/hot_v1_353 because No such file or directory
02-25-2026 09:25:24.417 +0100 ERROR pipeline [99266 indexerPipe] - Runtime exception in  pipeline=indexerPipe processor=indexer error='Unable to create directory /opt/splunk/var/lib/splunk/audit/db/hot_v1_353 because No such file or directory' confkey='source::audittrail|host::DIS-LOG-CYO101|audittrail|'

02-25-2026 09:25:24.705 +0100 INFO  DatabaseDirectoryManager [99244 IndexerService] - idx=_configtracker writing a bucket manifest in hotWarmPath='/opt/splunk/var/lib/splunk/_configtracker/db' pendingBucketUpdates=1 innerLockTime=0.000. Reason='IndexerService periodic manifest update'
02-25-2026 09:25:24.705 +0100 ERROR SearchResultsWriter [99244 IndexerService] - Unable to open output file: path=/opt/splunk/var/lib/splunk/_configtracker/db/.bucketManifest99103_147151435_tmp error=No such file or directory

 

0 Karma
Reply

livehybrid
SplunkTrust
SplunkTrust
‎02-25-2026 01:27 AM

Hi @Splunk117 

Can you check if the port is open on the host itself? Depending on the OS you could run something like 

lsof -i :8000

To see if the Splunk process is listening on port 8000.

Its also worth checking the logs at $SPLUNK_HOME/var/log/splunk/splunkd.log and see if there are any errors when Splunk is started. If you see any errors here please post them so we can help further.

🌟 Did this answer help you? If so, please consider:

  • Adding karma to show it was useful
  • Marking it as the solution if it resolved your issue
  • Commenting if you need any clarification

Your feedback encourages the volunteers in this community to continue contributing

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Announcing Modern Navigation: A New Era of Splunk User Experience

We are excited to introduce the Modern Navigation feature in the Splunk Platform, available to both cloud and ...

Observability Simplified: Combining User Experience, Application Performance & ...

Tech Talk Observability Simplified: Combining User Experience, Application Performance & Network ...

Event Series May & June: From Network Visibility to Service Intelligence

Unifying the Network: Moving from Alert Noise to Service Intelligence with Splunk ITSI In today’s hybrid ...