Why am I getting errors in splunk 6.1.3 trying to enable boot-start on Redhat?

PierreE
Path Finder

I have this error when I want to activate boot-start. I am currently on a RedHat server.

[root@BDSPLUNL01 bin]# ./splunk enable boot-start -user splunk
Warning: cannot create "/opt/splunk/var/log/splunk"
Warning: cannot create "/opt/splunk/var/log/introspection"
Init script installed at /etc/init.d/splunk.
Init script is not configured to run at boot.
[root@BDSPLUNL01 bin]#

I saw previous questions about this issue but I did not solve it.


PierreE
Path Finder

I solved the issue.

1- Uninstalled, Installed again
2- sudo -u splunk ./splunk start --accept-license
3- ps -auxw

And the problem was there, indeed I think that I hadn't started splunk with the user splunk.

Thank you n00badmin!


n00badmin
Communicator

Awesome!

Yeah uninstall/reinstall was going to be my next suggestion. Glad to see it's working!

n00badmin
Communicator

Looks permissions related. Who owns the /opt/splunk/var/log dir?

n00badmin
Communicator

I believe that's your issue... in your boot-start command you are using '-user splunk' but it seems root owns /opt/splunk...

Firstly do you have a user called splunk on your machine?

if so you can chown splunk:splunk /opt/splunk

if not you could always just remove '-user splunk' from your boot-start command...

PierreE
Path Finder

Yes, I have a user splunk. I did what you told me to do:

drwxr-xr-x 4 splunk splunk 4096 30 juil. 01:34 bin
-r--r--r-- 1 splunk splunk 57 30 juil. 01:13 copyright.txt
drwxr-xr-x 15 splunk splunk 4096 1 déc. 11:19 etc
drwxr-xr-x 3 splunk splunk 4096 30 juil. 01:32 include
drwxr-xr-x 6 splunk splunk 4096 30 juil. 01:34 lib
-r--r--r-- 1 splunk splunk 49092 30 juil. 01:13 license-eula.txt
drwxr-xr-x 3 splunk splunk 4096 30 juil. 01:30 openssl
-r--r--r-- 1 splunk splunk 506 30 juil. 01:04 README-splunk.txt
drwxr-xr-x 3 splunk splunk 4096 30 juil. 01:34 share
drwxr-xr-x 8 splunk splunk 4096 28 nov. 15:09 splunk
-r--r--r-- 1 splunk splunk 840969 30 juil. 01:13 splunk-6.1.3-220630-Linux-x86_64-manifest
drwxrwxrwx 6 splunk splunk 4096 28 nov. 15:15 var

But...:

[splunk@BDSPLUNL01 bin]$ sudo ./splunk enable boot-start
Init script installed at /etc/init.d/splunk.
Init script is not configured to run at boot.

[splunk@BDSPLUNL01 bin]$ sudo ./splunk enable boot-start -user splunk
Init script installed at /etc/init.d/splunk.
Init script is not configured to run at boot.

In the directory init.d:

[splunk@BDSPLUNL01 init.d]$ ls
README


n00badmin
Communicator

Try 'chkconfig splunk on'? Seems like the init script needs attention.


PierreE
Path Finder

[splunk@BDSPLUNL01 splunk]$ sudo chkconfig splunk on
[splunk@BDSPLUNL01 splunk]$ sudo chkconfig --list splunk
splunk 0:arrêt 1:arrêt 2:marche 3:marche 4:marche 5:marche 6:arrêt

And:

[splunk@BDSPLUNL01 bin]$ sudo ./splunk enable boot-start
Init script installed at /etc/init.d/splunk.
Init script is not configured to run at boot.

[splunk@BDSPLUNL01 bin]$ sudo ./splunk enable boot-start -user splunk
Warning: cannot create "/opt/splunk/var/log/splunk"
Warning: cannot create "/opt/splunk/var/log/introspection"
Init script installed at /etc/init.d/splunk.
Init script is not configured to run at boot.

I don't understand.


n00badmin
Communicator

Those run levels look fine to me... try rebooting and seeing if splunk runs...


PierreE
Path Finder

[root@BDSPLUNL01 bin]# ./splunk start

Splunk> Take the sh out of IT.

Checking prerequisites...
Checking http port [8000]: open
Checking mgmt port [8089]: open
Checking configuration... Done.
Checking critical directories... Done
Checking indexes...
Validated: _audit _blocksignature _internal _introspection _thefishbucket history ioc_search_results main summary
Done
ERROR - Error opening "/opt/splunk/var/log/splunk/splunkd-utility.log": Permission denied
Could not determine whether the path specified in the environment variable SPLUNK_DB ("/opt/splunk/var/lib/splunk") was a directory: Permission denied
Locking test failed on filesystem in path /opt/splunk/var/lib/splunk with code '3'. Please file a case online at http://www.splunk.com/page/submit_issue
Checking filesystem compatibility...

I'm in root, these are the permissions:
-rw------- 1 splunk splunk 6170 1 déc. 14:22 splunkd-utility.log


n00badmin
Communicator

Is this a fresh install?

Has splunk ever run for you?


PierreE
Path Finder

Root is the owner:

drwx------ 6 root root 4096 28 nov. 15:15 var
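
The two checks this thread circles around (who owns the files under /opt/splunk, and which account splunkd actually runs as), written as a script. This is an added example, not part of the original posts; the function names are hypothetical, and /opt/splunk and the splunk account are taken from the thread.

```shell
#!/bin/sh
# Added example. /opt/splunk and the account name "splunk" come from the
# thread; the function names are made up for this sketch.

# List every path under directory $1 not owned by user $2 (name or numeric uid).
# The whole tree is walked: the owner of the top directory says nothing
# about the entries beneath it.
foreign_owned() {
    find "$1" ! -user "$2" -print 2>/dev/null
}

# Read "USER COMMAND" lines (as printed by: ps -e -o user= -o comm=) on stdin
# and list the distinct users running a command named $1.
proc_owners() {
    awk -v name="$1" '$2 == name { print $1 }' | sort -u
}

# Audit install directory $1 for service account $2.
# Returns 0 if clean, 1 on findings, 2 if $1 is not a directory.
audit_splunk_home() {
    home=$1 user=$2 rc=0
    [ -d "$home" ] || { echo "no such directory: $home" >&2; return 2; }

    bad=$(foreign_owned "$home" "$user")
    if [ -n "$bad" ]; then
        echo "not owned by $user:"
        printf '%s\n' "$bad" | sed 's/^/  /'
        rc=1
    fi

    # A splunkd started by another account (root, for instance) can leave
    # behind files owned by that account.
    others=$(ps -e -o user= -o comm= 2>/dev/null |
             proc_owners splunkd | grep -vxF "$user" || true)
    if [ -n "$others" ]; then
        echo "splunkd running as: $(echo $others)"
        rc=1
    fi
    return $rc
}

# Stand-alone use: sh audit.sh /opt/splunk splunk
[ $# -eq 0 ] || audit_splunk_home "$@"
```

Run it as root so that directories with mode drwx------, like the var directory shown above, can be traversed.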
