Installation
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Why the error "Can't create directory" when running "splunk show config"?

vzabawski
Path Finder
‎03-30-2022 02:50 AM

Hello. I'm trying to view Splunk configuration, but getting a very odd error:

splunk@test1:/> /opt/splunk/bin/splunk show config authentication
Splunk username: admin
Password:
Can't create directory "/opt/splunk/splunk/.splunk": No such file or directory

 Changing dir to /opt/splunk/bin/ and running command from it also doen't help.

Doesn't matter if I run the command under splunk user (this user owns files in /opt/splunk) or with sudo.

This Splunk instance was upgraded from 7.0.0 to 8.1.5 and then to 8.2.5, so maybe it affected somehow.

How can I fix this?

Labels (2)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

vzabawski
Path Finder
‎04-01-2022 08:19 AM

This issue is caused by wrong home directory set for "splunk" user. I've compared the output of echo $HOME on healthy and this server I'm having troubles with and on "healthy" server HOME is set to /opt/splunk.

On affected server HOME is set to /opt/splunk/splunk, so that's what was causing problems.

 

View solution in original post

Reply
Solved! Jump to solution
Solution

vzabawski
Path Finder
‎04-01-2022 08:19 AM

This issue is caused by wrong home directory set for "splunk" user. I've compared the output of echo $HOME on healthy and this server I'm having troubles with and on "healthy" server HOME is set to /opt/splunk.

On affected server HOME is set to /opt/splunk/splunk, so that's what was causing problems.

 

Reply
Solved! Jump to solution

Stefanie
Builder
‎03-30-2022 06:01 AM

It looks like it thinks your splunk environment was installed in /opt/splunk/splunk ...

Can you check to see what your $SPLUNK_HOME variable is set to? 
If you open /opt/splunk/etc/splunk-launch.conf do you see SPLUNK_HOME=/opt/splunk?

0 Karma
Reply
Solved! Jump to solution

vzabawski
Path Finder
‎03-30-2022 06:16 AM

Good idea, thanks! SPLUNK_HOME looks fine, so I guess it's not the case.

vzabawski_0-1648646143690.png

 

0 Karma
Reply
Solved! Jump to solution

Stefanie
Builder
‎03-30-2022 08:08 AM

I'd reinstall 8.2.5 on top of it and see if it would resolve it? Is this the only server that's affected? 

Just to make sure.. can you cd to 

 

/opt/splunk/.splunk

 

Just to see if that directory exists.

 

 

What happens when you do the command 

 

cd $SPLUNK_HOME

 

Does it take you to /opt/splunk or does it throw an error for /opt/splunk/splunk

 

0 Karma
Reply
Get Updates on the Splunk Community!

Devesh Logendran, Splunk, and the Singapore Cyber Conquest

At this year’s Splunk University, I had the privilege of chatting with Devesh Logendran, one of the winners in ...

There's No Place Like Chrome and the Splunk Platform

WATCH NOW!Malware. Risky Extensions. Data Exfiltration. End-users are increasingly reliant on browsers to ...

Customer Experience | Join the Customer Advisory Board!

Are you ready to take your Splunk journey to the next level? 🚀 We invite you to join our elite squad ...