Hello, I'm trying to investigate the configuration files in a new app I created, but every time I run ./splunk btool --app=my_new_app check I get this error "Failed to run Splunk as SPLUNK_OS_USER. This command can only be run by bootstart user."
Please help!
Hi @SamuraP
I am assuming you are running command with user which is other than user has permission to Splunk dir.
example , if splunk installed and owned by splunk user then
please switch to
sudo su - splunk
and run command $SPLUNK_HOME/splunk btool --app=my_new_app check
else run following command to check which user has permission to splunk and switch to that user and run above mentioned command
ls -al /opt/splunk/
ex:
-rw------- 1 splunk splunk 0 Mar 22 18:47 bin
----
Regards,
Sanjay Reddy
----
If this reply helps you, Karma would be appreciated.
----
Hi, what exactly do I insert in this part: -rw------- 1 splunk splunk 0 Mar 22 18:47 bin.
When I do ls -la /opt/Splunk/I get this :
ls: cannot access 'al': No such file or directory
/opt/splunk/:
README-splunk.txt etc license-eula.txt share var
bin include openssl splunk-9.0.4-de405f4a7979-linux-2.6-x86_64-manifest
copyright.txt lib quarantined_files swidtag
Hi @SamuraP
try running command
ls -l /opt/splunk
I ran the command, and I got this:
-r--r--r-- 1 splunk splunk 521 Jan 20 22:17 README-splunk.txt
drwxr-xr-x 4 splunk splunk 4096 Jan 20 22:42 bin
-r--r--r-- 1 splunk splunk 57 Jan 20 22:15 copyright.txt
drwxr-xr-x 17 splunk splunk 4096 Apr 2 02:01 etc
drwxr-xr-x 3 splunk splunk 4096 Jan 20 22:40 include
drwxr-xr-x 7 splunk splunk 4096 Jan 20 22:42 lib
-r--r--r-- 1 splunk splunk 85405 Jan 20 22:15 license-eula.txt
drwxr-xr-x 3 splunk splunk 4096 Jan 20 22:40 openssl
drwxr-xr-x 2 splunk splunk 4096 Jan 20 22:40 quarantined_files
drwxr-xr-x 4 splunk splunk 4096 Jan 20 22:40 share
-r--r--r-- 1 splunk splunk 3237516 Jan 20 22:42 splunk-9.0.4-de405f4a7979-linux-2.6-x86_64-manifest
drwxr-xr-x 2 splunk splunk 4096 Jan 20 22:41 swidtag
drwx--x--- 8 splunk splunk 4096 Mar 12 15:40 var
I truly appreciate your help.
Hi @SamuraP
splunk is osnwed by splunk user
please switch to splunk user using
sudo su - splunk
run command
/opt/splunk/bin/splunk btool --app=my_new_app check
I did the sudo su - splunk command, then I did the second command but I still get this error :
Failed to run splunk as SPLUNK_OS_USER. This command can only be run by bootstart user.