Installation

Why the error "Can't create directory" when running "splunk show config"?

vzabawski
Path Finder

Hello. I'm trying to view Splunk configuration, but getting a very odd error:

splunk@test1:/> /opt/splunk/bin/splunk show config authentication
Splunk username: admin
Password:
Can't create directory "/opt/splunk/splunk/.splunk": No such file or directory

 Changing dir to /opt/splunk/bin/ and running command from it also doen't help.

Doesn't matter if I run the command under splunk user (this user owns files in /opt/splunk) or with sudo.

This Splunk instance was upgraded from 7.0.0 to 8.1.5 and then to 8.2.5, so maybe it affected somehow.

How can I fix this?

Labels (2)
0 Karma
1 Solution

vzabawski
Path Finder

This issue is caused by wrong home directory set for "splunk" user. I've compared the output of echo $HOME on healthy and this server I'm having troubles with and on "healthy" server HOME is set to /opt/splunk.

On affected server HOME is set to /opt/splunk/splunk, so that's what was causing problems.

 

View solution in original post

hassan1214
Loves-to-Learn

Hello ! I am also facing same issue and checked as Env set to SPLUNK_HOME=opt/splunk

any help please thanks 

0 Karma

vzabawski
Path Finder

This issue is caused by wrong home directory set for "splunk" user. I've compared the output of echo $HOME on healthy and this server I'm having troubles with and on "healthy" server HOME is set to /opt/splunk.

On affected server HOME is set to /opt/splunk/splunk, so that's what was causing problems.

 

Stefanie
Builder

It looks like it thinks your splunk environment was installed in /opt/splunk/splunk ...

Can you check to see what your $SPLUNK_HOME variable is set to? 
If you open /opt/splunk/etc/splunk-launch.conf do you see SPLUNK_HOME=/opt/splunk?

0 Karma

vzabawski
Path Finder

Good idea, thanks! SPLUNK_HOME looks fine, so I guess it's not the case.

vzabawski_0-1648646143690.png

 

0 Karma

Stefanie
Builder

I'd reinstall 8.2.5 on top of it and see if it would resolve it? Is this the only server that's affected? 

Just to make sure.. can you cd to 

 

/opt/splunk/.splunk

 

Just to see if that directory exists.

 

 

What happens when you do the command 

 

cd $SPLUNK_HOME

 

Does it take you to /opt/splunk or does it throw an error for /opt/splunk/splunk

 

0 Karma
Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...