Reporting
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Splunk reports first-time run failed!

aagashe
Engager
‎05-24-2020 07:07 PM

Hi Guys,

I tried to run Splunk but it gives errors as below:

[splunk@ip-172-31-10-67 bin]$ sudo ./splunk enable boot-start -user splunk --accept-license

Warning: cannot create "/opt/splunk/var/log/splunk"

Warning: cannot create "/opt/splunk/var/log/introspection"

Warning: cannot create "/opt/splunk/var/log/watchdog"
Warning: cannot create "/opt/splunk/etc/licenses/download-trial"
First-time run failed!

[splunk@ip-172-31-10-67 bin]$ sudo ./splunk start --accept-license

Warning: cannot create "/opt/splunk/var/log/splunk"

Warning: cannot create "/opt/splunk/var/log/introspection"

Warning: cannot create "/opt/splunk/var/log/watchdog"
Warning: cannot create "/opt/splunk/etc/licenses/download-trial"

How to resolve these warnings? Also is it possible to provide a response file when we run the Splunk for the first time so I do not have to type the responses thereby we can automate without manual intervention?

Please assist.

Tags (1)
0 Karma
Reply

PavelP
Motivator
‎05-24-2020 10:54 PM

Hello @aagashe,

it looks like a permission issue, the splunk folders and files belong to other user (or root?) or splunk is already running. It happens often if splunk installed from tgz.

Run with root privileges (change the $SPLUNK_HOME as appropriate):

sudo pkill -f splunk
sudo chown -R splunk:splunk /opt/splunk
sudo /opt/splunk/bin/splunk enable boot-start -user splunk --accept-license
sudo systemctl start splunk

The modern way to run Splunk is using systemd, so you can change it to:

    sudo pkill -f splunk
    sudo chown -R splunk:splunk /opt/splunk
    sudo ./splunk enable boot-start -user splunk -systemd-managed 1 --accept-license
    sudo systemctl start Splunkd

if you choose the last method, stick to it and start/stop splunk using "sudo systemctl" only.

Reply

aagashe
Engager
‎05-25-2020 10:45 PM

Ok, how to provide username and password? When I run for the first time I have to provide username and password, I was thinking if there is a response file so that part can be automated as well.

Please guide.

Thank you.

0 Karma
Reply

PavelP
Motivator
‎05-26-2020 12:00 AM

@aagashe,

there are various scripts to install splunk on linux, also for an unattended install:

https://answers.splunk.com/search.html?f=&redirect=search%2Fsearch&sort=relevance&q=install+script+l...

Additionally check this: https://docs.splunk.com/Documentation/Splunk/8.0.3/Installation/StartSplunkforthefirsttime#Start_Spl...

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

SOK it to Me: Top 3 Benefits of Using Splunk Operator on Kubernetes that’ll Make ...

    Thursday, July 9, 2026  |  11:00AM–12:00PM PDT Duration: 1 hour (includes Q&A) Managing can feel like a ...

Upgrade Prep for 10.4, Network Observability Deep Dives, and More from Splunk Lantern

Splunk Lantern is Splunk’s customer success center that provides practical guidance from Splunk experts on key ...

Splunk Developer Day announcements: AI agents, MCP tools, Forecasting, and Custom ...

Splunk Developer Day was packed with product and platform updates for developers building in the AI ...