Installation
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

"First-time-run has not finished." After migrating to new host

todd8063
Engager
‎05-26-2011 04:14 PM

Hi guys,
We recently migrated splunk from a server in our office to an off site server. I followed the server migration documentation and performed the following steps.

  1. Rsynced /opt/splunk to the new host
  2. Shutdown the existing instance
  3. Rsynced to get a final exact copy
  4. Installed the .deb package on the new server
  5. Started splunk

The new installation of splunk is an exact copy of source machine, and everything is working perfectly. However, when I execute this command to create the init script.

./splunk enable boot-start -user splunk
bash: splunk: command not found
First-time-run has not finished.  Ignore this error when previewing migration - exiting.

Any ideas what I need to do? Everything else is working as expected.

Tags (1)
0 Karma
Reply

rchurch0505
Engager
‎08-02-2019 01:37 PM

Ran into this problem myself. Was able to resolve it with the following.

Confirmed error and fix on 7.0.5

rpm -i splunk...rpm
cd /opt/splunk
chown -R splunkserviceacct ./
/opt/splunk/bin/splunk enable boot-start -user splunkserviceacct

I believe this to have been occurring when splunk attempts to configure the directory as a different user ( permissions problem ). Splunk installs with account splunk, we use a service account, changed ownership to proper user and ran again, it worked.

Hope this helps!

0 Karma
Reply

wrangler2x
Motivator
‎01-19-2016 03:11 PM

You are likely running this as the splunk user. If you run this command as root you should not see this error.

0 Karma
Reply

marksnelling
Communicator
‎09-03-2012 06:09 AM

I'm also getting this problem. The splunk user/group exists and the normal ./splunk enable boot-start works.
But just like the OP I get the following when trying to specify a user:

./splunk enable boot-start -user splunk
bash: splunk: command not found
First-time-run has not finished. Ignore this error when previewing migration - exiting.

Reply

cgilbert_splunk
Splunk Employee
Splunk Employee
‎06-13-2011 12:58 PM

I've seen this error before when trying to add a user that didn't exist on the system (this is a system user, not a splunk user). One thing you can try is this:

cat /etc/passwd if you have permissions to do so...this will tell you if the user "splunk" exists. The next thing (if splunk does exist) would be to start splunk as the splunk user (to make sure it has proper permissions to do so).

If you can't view the /etc/passwd file, you can try this:

./splunk enable boot-start

See if this works (if it does, it will use user "root" by default).

Hopefully this helps you move the ball forward...

0 Karma
Reply
Get Updates on the Splunk Community!

Fastest way to demo Observability

I’ve been having a lot of fun learning about Kubernetes and Observability. I set myself an interesting ...

September Community Champions: A Shoutout to Our Contributors!

As we close the books on another fantastic month, we want to take a moment to celebrate the people who are the ...

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

It’s Monday morning, and your phone is buzzing with alert escalations – your customer-facing portal is running ...