Security

Splunk is not starting on indexer

Communicator

Hi, I have an issue: one of our indexers goes down because it says it is unable to start because Splunk is unable to read the file from the following location. Please check the permissions.

Is it really a permission issue if Splunk is unable to read a file from a directory?

0 Karma
1 Solution

SplunkTrust

Did you install Splunk as root and are trying to start it with another user now? Are all files owned by the correct user? Without further information, we can only guess.

Skalli

0 Karma

Explorer

We need to make sure that the permissions are given for the splunk user and splunk is running as a splunk user rather than a root user.

0 Karma

Motivator

Hello @Prakash493

  1. Is the Splunk setup on Linux?
  2. Which user is Splunk running as?

0 Karma

Communicator

Yes, installed by admin and I am a user, but before I was able to start and stop, not now.

0 Karma

Communicator

Correct, I changed as a user and performed as root and everything works fine.

0 Karma

Splunk Employee

If Splunk was started as root at any time, some files will now belong to root, and you will have to chown everything in the Splunk install directory back to the user that is supposed to own it.

0 Karma
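
An ownership check for the situation described in the reply above, as an added example that is not part of the original thread and not Splunk tooling. It lists what is not owned by the intended service account before any recursive `chown` is run; the path `/opt/splunk` and the account name `splunk` in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example: audit file ownership under a Splunk install directory.
# Usage (path and account name are assumptions, adjust to your host):
#   sh audit_owner.sh /opt/splunk splunk

# Print every path under DIR that is NOT owned by OWNER.
# OWNER may be an account name or a numeric uid.
list_misowned() {
    dir=$1; owner=$2
    find "$dir" ! -user "$owner" -print
}

# Count those paths (file names containing newlines would be over-counted).
count_misowned() {
    list_misowned "$1" "$2" | wc -l | tr -d ' '
}

# Return 0 if the tree is clean, 1 if stray ownership was found,
# 2 if the directory does not exist.
audit_ownership() {
    dir=$1; owner=$2
    if [ ! -d "$dir" ]; then
        echo "no such directory: $dir" >&2
        return 2
    fi
    n=$(count_misowned "$dir" "$owner")
    if [ "$n" -eq 0 ]; then
        echo "OK: everything under $dir is owned by $owner"
        return 0
    fi
    echo "$n path(s) under $dir are not owned by $owner; first 10:"
    list_misowned "$dir" "$owner" | head -n 10
    echo "to repair, run as root: chown -R $owner $dir"
    return 1
}

# Run the audit only when called with both arguments.
if [ "$#" -eq 2 ]; then
    audit_ownership "$1" "$2"
fi
```

Run it as root or as the service account so `find` can descend into every subdirectory; permission errors from `find` are themselves a sign of paths the service account cannot read.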