Splunk server unable to start after upgrade to 6.2.2

hanshen
Explorer

We upgraded our Splunk dev server to 6.2.2. Starting it with the splunk account failed, with the message below:

[servername:/opt/splunk/bin]$ splunk start

Splunk> The IT Search Engine.

Checking prerequisites...
Checking http port [443]: open
Checking mgmt port [8089]: open
Checking appserver port [127.0.0.1:8065]: open
Checking configuration... Done.
Checking critical directories... Done
Checking indexes...
Validated: _audit _blocksignature _internal _introspection _thefishbucket history main summary
Done
Checking filesystem compatibility... Done
Checking conf files for problems...
Done
All preliminary checks passed.

Starting splunk server daemon (splunkd)...
execve: Permission denied
while running command /usr/bin/startsrc
Splunk boot-start is enabled. please use /usr/bin/startsrc -s splunkd to start splunk

[servername:/opt/splunk/bin]$

Root can start it using /usr/bin/startsrc -s splunkd; however, we would like to use the splunk account to start/stop the server.

What permission should the splunk account have to start/stop the Splunk server on AIX?

0 Karma

hanshen
Explorer

This is a bug in 6.2.2 on AIX, per Splunk support. Defect SPL-96141, will be fixed in 6.2.3.

0 Karma

hanshen
Explorer

Is it new in 6.2.2? Our prod, which is 5.x, is using 443 without this issue.

0 Karma

harsmarvania57
Ultra Champion
0 Karma

hanshen
Explorer

I checked, and the line below is not in the /etc/inittab file:
$SPLUNK_HOME/bin/splunk enable boot-start

The startup message shows: Splunk boot-start is enabled.
So where is Splunk boot-start enabled, besides the /etc/inittab file?

0 Karma

hanshen
Explorer

We had root run
/opt/splunk/bin/splunk enable boot-start -user splunk
0513-071 The splunkd Subsystem has been added.
0513-071 The splunkweb Subsystem has been added.
SRC subsystem group installed.
SRC subsystem group is configured to run at boot.

But still no luck running as the splunk user:

Splunk> Take the sh out of IT.

Checking prerequisites...
Checking http port [443]: open
Checking mgmt port [8089]: open
Checking appserver port [127.0.0.1:8065]: open
Checking configuration... Done.
Checking critical directories... Done
Checking indexes...
Validated: _audit _blocksignature _internal _introspection _thefishbucket history main summary
Done
Checking filesystem compatibility... Done
Checking conf files for problems...
Done
All preliminary checks passed.

Starting splunk server daemon (splunkd)...
execve: Permission denied
while running command /usr/bin/startsrc
Splunk boot-start is enabled. please use /usr/bin/startsrc -s splunkd to start splunk

0 Karma

harsmarvania57
Ultra Champion

You have set the web port to 443, and ports < 1024 can be bound by the root user only. If you want to start Splunk as the splunk user, then use a port > 1024 for Splunk Web.

0 Karma

Raghav2384
Motivator

Try giving the splunk user and splunk group ownership of /opt/splunk, and try again.

0 Karma

hanshen
Explorer

Yes, this has been verified...

0 Karma