Installation
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Why the error "Can't create directory" when running "splunk show config"?

vzabawski
Path Finder
‎03-30-2022 02:50 AM

Hello. I'm trying to view Splunk configuration, but getting a very odd error:

splunk@test1:/> /opt/splunk/bin/splunk show config authentication
Splunk username: admin
Password:
Can't create directory "/opt/splunk/splunk/.splunk": No such file or directory

 Changing dir to /opt/splunk/bin/ and running command from it also doen't help.

Doesn't matter if I run the command under splunk user (this user owns files in /opt/splunk) or with sudo.

This Splunk instance was upgraded from 7.0.0 to 8.1.5 and then to 8.2.5, so maybe it affected somehow.

How can I fix this?

Labels (2)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

vzabawski
Path Finder
‎04-01-2022 08:19 AM

This issue is caused by wrong home directory set for "splunk" user. I've compared the output of echo $HOME on healthy and this server I'm having troubles with and on "healthy" server HOME is set to /opt/splunk.

On affected server HOME is set to /opt/splunk/splunk, so that's what was causing problems.

 

View solution in original post

Reply
Solved! Jump to solution

hassan1214
Loves-to-Learn
‎03-15-2024 09:21 PM

Hello ! I am also facing same issue and checked as Env set to SPLUNK_HOME=opt/splunk

any help please thanks 

0 Karma
Reply
Solved! Jump to solution
Solution

vzabawski
Path Finder
‎04-01-2022 08:19 AM

This issue is caused by wrong home directory set for "splunk" user. I've compared the output of echo $HOME on healthy and this server I'm having troubles with and on "healthy" server HOME is set to /opt/splunk.

On affected server HOME is set to /opt/splunk/splunk, so that's what was causing problems.

 

Reply
Solved! Jump to solution

Stefanie
Builder
‎03-30-2022 06:01 AM

It looks like it thinks your splunk environment was installed in /opt/splunk/splunk ...

Can you check to see what your $SPLUNK_HOME variable is set to? 
If you open /opt/splunk/etc/splunk-launch.conf do you see SPLUNK_HOME=/opt/splunk?

0 Karma
Reply
Solved! Jump to solution

vzabawski
Path Finder
‎03-30-2022 06:16 AM

Good idea, thanks! SPLUNK_HOME looks fine, so I guess it's not the case.

vzabawski_0-1648646143690.png

 

0 Karma
Reply
Solved! Jump to solution

Stefanie
Builder
‎03-30-2022 08:08 AM

I'd reinstall 8.2.5 on top of it and see if it would resolve it? Is this the only server that's affected? 

Just to make sure.. can you cd to 

 

/opt/splunk/.splunk

 

Just to see if that directory exists.

 

 

What happens when you do the command 

 

cd $SPLUNK_HOME

 

Does it take you to /opt/splunk or does it throw an error for /opt/splunk/splunk

 

0 Karma
Reply
Get Updates on the Splunk Community!

.conf25 Registration is OPEN!

Ready. Set. Splunk! Your favorite Splunk user event is back and better than ever. Get ready for more technical ...

Detecting Cross-Channel Fraud with Splunk

This article is the final installment in our three-part series exploring fraud detection techniques using ...

Splunk at Cisco Live 2025: Learning, Innovation, and a Little Bit of Mr. Brightside

Pack your bags (and maybe your dancing shoes)—Cisco Live is heading to San Diego, June 8–12, 2025, and Splunk ...
Top