Installation

"First-time-run has not finished." After migrating to new host

todd8063
Engager

Hi guys,
We recently migrated Splunk from a server in our office to an off-site server. I followed the server migration documentation and performed the following steps.

  1. Rsynced /opt/splunk to the new host
  2. Shut down the existing instance
  3. Rsynced to get a final exact copy
  4. Installed the .deb package on the new server
  5. Started Splunk

The new installation of Splunk is an exact copy of the source machine, and everything is working perfectly. However, when I execute this command to create the init script, I get the following:

./splunk enable boot-start -user splunk
bash: splunk: command not found
First-time-run has not finished.  Ignore this error when previewing migration - exiting.

Any ideas what I need to do? Everything else is working as expected.

0 Karma

rchurch0505
Engager

Ran into this problem myself. Was able to resolve it with the following.

Confirmed error and fix on 7.0.5

rpm -i splunk...rpm
cd /opt/splunk
chown -R splunkserviceacct ./
/opt/splunk/bin/splunk enable boot-start -user splunkserviceacct

I believe this to have been occurring when Splunk attempts to configure the directory as a different user (a permissions problem). Splunk installs with the account splunk; we use a service account. I changed ownership to the proper user and ran it again, and it worked.

Hope this helps!

0 Karma

wrangler2x
Motivator

You are likely running this as the splunk user. If you run this command as root you should not see this error.

0 Karma

marksnelling
Communicator

I'm also getting this problem. The splunk user/group exists and the normal ./splunk enable boot-start works.
But just like the OP I get the following when trying to specify a user:

./splunk enable boot-start -user splunk
bash: splunk: command not found
First-time-run has not finished. Ignore this error when previewing migration - exiting.

cgilbert_splunk
Splunk Employee

I've seen this error before when trying to add a user that didn't exist on the system (this is a system user, not a splunk user). One thing you can try is this:

Run cat /etc/passwd, if you have permissions to do so. This will tell you if the user "splunk" exists. The next thing (if splunk does exist) would be to start Splunk as the splunk user (to make sure it has proper permissions to do so).

If you can't view the /etc/passwd file, you can try this:

./splunk enable boot-start

See if this works (if it does, it will use user "root" by default).

Hopefully this helps you move the ball forward...

0 Karma
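
The checks suggested across the replies above (the OS account named with -user must exist, the Splunk directory must be owned by it, and the command is run as root), collected into one pre-flight function. This is an added example, not code from any poster or from Splunk; the function name `preflight` and its return codes are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): checks to run before
#   <splunk_home>/bin/splunk enable boot-start -user <account>
# Return codes (constructed for this example):
#   0 ok, 1 OS account missing, 2 files not owned by account, 3 no such directory

preflight() {
    splunk_home=$1
    svc_user=$2

    if [ ! -d "$splunk_home" ]; then
        echo "FAIL: $splunk_home is not a directory" >&2
        return 3
    fi

    # -user must name an existing OS account, not a Splunk user.
    if ! id -u "$svc_user" >/dev/null 2>&1; then
        echo "FAIL: OS account '$svc_user' does not exist" >&2
        return 1
    fi

    # After a copy or package install, files may belong to a different
    # account than the one passed to -user. Show the first few offenders.
    strays=$(find "$splunk_home" ! -user "$svc_user" -print 2>/dev/null | head -n 5)
    if [ -n "$strays" ]; then
        echo "FAIL: not owned by '$svc_user' (first entries):" >&2
        echo "$strays" >&2
        echo "Fix: chown -R $svc_user $splunk_home" >&2
        return 2
    fi

    # The thread reports the error goes away when the command is run as root.
    if [ "$(id -u)" -ne 0 ]; then
        echo "NOTE: not root; run enable boot-start as root" >&2
    fi

    echo "OK: $splunk_home is owned by '$svc_user'"
    return 0
}

# Stand-alone use: sh preflight.sh /opt/splunk splunk
if [ "$#" -eq 2 ]; then
    preflight "$1" "$2"
fi
```
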