Installation

Restarting splunkweb only throws weird errors

LegalPrime
Path Finder

I have taken over deployed Splunk with Master node, several indexers and search heads. I want to update TLS cert for web splunk we have, so I place them into folder wherethey belong and want to restart splunkweb only.

I run ps aux | grep "splunk"  to see what user the splunk services run under - it's splunkadmin.

I navigate to $SPLUNK_HOME/bin and try running both of these:

 

 

sudo ./splunk restart splunkweb
# prompts for authentication (which I do with administrator account I confirm that exists in $SPLUNK_HOME/etc/passwd
# gives me simple output: Can't create directory "/root/.splunk": Permission denied

sudo -u splunkadmin ./splunk restart splunkweb
# i authenticate as above and receive:
# Can't create directory "/dev/null/.splunk": Not a directory

 

 

 

Can you think of a different way to restart only splunkweb? And if not, can you help me figure out what is the problem here? Where do I find the logs that tell me more about the error that I get?

 

Thank you for your time and help.

Labels (1)
0 Karma

saravanan90
Contributor

Splunk tries to create an auth token in home directory of a user splunkadmin. Try to set up a home directory for user splunkadmin & run the command. 

0 Karma
Get Updates on the Splunk Community!

See just what you’ve been missing | Observability tracks at Splunk University

Looking to sharpen your observability skills so you can better understand how to collect and analyze data from ...

Weezer at .conf25? Say it ain’t so!

Hello Splunkers, The countdown to .conf25 is on-and we've just turned up the volume! We're thrilled to ...

How SC4S Makes Suricata Logs Ingestion Simple

Network security monitoring has become increasingly critical for organizations of all sizes. Splunk has ...