Why am I getting this error while using btool?

SamuraP
Engager

Hello, I'm trying to investigate the configuration files in a new app I created, but every time I run ./splunk btool --app=my_new_app check, I get this error: "Failed to run Splunk as SPLUNK_OS_USER. This command can only be run by bootstart user."

Please help!


SanjayReddy
SplunkTrust

Hi @SamuraP 

I am assuming you are running the command as a user other than the one that has permission on the Splunk directory.

For example, if Splunk is installed and owned by the splunk user, then please switch to it:

sudo su - splunk

and run the command:

$SPLUNK_HOME/bin/splunk btool --app=my_new_app check

Otherwise, run the following command to check which user has permission on the Splunk directory, switch to that user, and run the above-mentioned command:

ls -al /opt/splunk/

ex: 
-rw------- 1 splunk splunk 0 Mar 22 18:47 bin


----
Regards,
Sanjay Reddy

----
If this reply helps you, Karma would be appreciated.


SamuraP
Engager

Hi, what exactly do I insert in this part: -rw------- 1 splunk splunk 0 Mar 22 18:47 bin. 

When I do ls -la /opt/Splunk/ I get this:

ls: cannot access 'al': No such file or directory
/opt/splunk/:
README-splunk.txt  etc     license-eula.txt   share     var
bin   include  openssl       splunk-9.0.4-de405f4a7979-linux-2.6-x86_64-manifest
copyright.txt   lib     quarantined_files  swidtag


SanjayReddy
SplunkTrust

Hi @SamuraP 
Try running the command:

ls -l /opt/splunk


SamuraP
Engager

I ran the command, and I got this: 

-r--r--r--  1 splunk splunk     521 Jan 20 22:17 README-splunk.txt
drwxr-xr-x  4 splunk splunk    4096 Jan 20 22:42 bin
-r--r--r--  1 splunk splunk      57 Jan 20 22:15 copyright.txt
drwxr-xr-x 17 splunk splunk    4096 Apr  2 02:01 etc
drwxr-xr-x  3 splunk splunk    4096 Jan 20 22:40 include
drwxr-xr-x  7 splunk splunk    4096 Jan 20 22:42 lib
-r--r--r--  1 splunk splunk   85405 Jan 20 22:15 license-eula.txt
drwxr-xr-x  3 splunk splunk    4096 Jan 20 22:40 openssl
drwxr-xr-x  2 splunk splunk    4096 Jan 20 22:40 quarantined_files
drwxr-xr-x  4 splunk splunk    4096 Jan 20 22:40 share
-r--r--r--  1 splunk splunk 3237516 Jan 20 22:42 splunk-9.0.4-de405f4a7979-linux-2.6-x86_64-manifest
drwxr-xr-x  2 splunk splunk    4096 Jan 20 22:41 swidtag
drwx--x---  8 splunk splunk    4096 Mar 12 15:40 var

I truly appreciate your help. 


SanjayReddy
SplunkTrust

Hi @SamuraP 
Splunk is owned by the splunk user.

Please switch to the splunk user using

sudo su - splunk

and run the command:
/opt/splunk/bin/splunk btool --app=my_new_app check


SamuraP
Engager

I did the sudo su - splunk command, then I did the second command, but I still get this error:

Failed to run splunk as SPLUNK_OS_USER. This command can only be run by bootstart user.
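
Added example, not part of the thread and not Splunk's own tooling: a shell sketch that compares the account running the command with the owner of the install directory and with any SPLUNK_OS_USER value in etc/splunk-launch.conf. That the error above refers to this setting is an assumption, and the function names and the svc_splunk account are hypothetical.

```shell
#!/bin/sh
# Added diagnostic sketch (not from the thread, not Splunk tooling).
# Assumption: the error refers to SPLUNK_OS_USER in etc/splunk-launch.conf.

# Print the last uncommented SPLUNK_OS_USER value, or nothing if unset.
launch_conf_user() {
    conf="$1/etc/splunk-launch.conf"
    [ -r "$conf" ] || return 0
    sed -n -e 's/[[:space:]]*$//' \
        -e 's/^[[:space:]]*SPLUNK_OS_USER[[:space:]]*=[[:space:]]*//p' "$conf" | tail -n 1
}

# Print the owning user of a path (third field of `ls -ld`).
dir_owner() {
    ls -ld "$1" | awk '{print $3}'
}

# check_splunk_user SPLUNK_HOME [USER]
# Returns 0 if USER (default: current user) is the account Splunk expects:
# the configured SPLUNK_OS_USER if set, otherwise the directory owner.
check_splunk_user() {
    home="$1"
    me="${2:-$(id -un)}"
    owner=$(dir_owner "$home")
    configured=$(launch_conf_user "$home")
    expected="${configured:-$owner}"
    if [ -n "$configured" ] && [ "$configured" != "$owner" ]; then
        echo "warning: SPLUNK_OS_USER=$configured but $home is owned by $owner"
    fi
    if [ "$me" = "$expected" ]; then
        echo "ok: $me matches $expected"
        return 0
    fi
    echo "mismatch: running as $me, expected $expected"
    return 1
}

# Constructed demo tree so the sketch runs without a Splunk install.
demo=$(mktemp -d)
mkdir -p "$demo/etc"
printf '# SPLUNK_OS_USER=olduser\nSPLUNK_OS_USER = svc_splunk  \n' \
    > "$demo/etc/splunk-launch.conf"
check_splunk_user "$demo" svc_splunk || true   # configured account: ok
check_splunk_user "$demo" splunk || true       # any other account: mismatch
rm -rf "$demo"
```

On a real host, call check_splunk_user /opt/splunk as the account you intend to run btool with; a warning line means the configured account and the directory owner disagree.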
