When we try to restart the splunk it says its getting permission denied on these two files:/etc/sysconfig/init: Permission denied and etc/rc.d/init.d/functions.
Both of these files are owned by root and Splunk is running as user, but I have another server who have same owned by root and Splunk running as user is working fine but don't know why its creating issues on this server?
you have top stop splunk first. If you started it with root permissions, you have to stop it as "root".
Change owner of /opt/splunk directory to you splunkuser (chown -R splunkuser:splunkgroup /opt/splunk)
Please replace my splunkuser example with the username and the group you did choose to run splunk in you environment.
After you did this, you should try to start is as splunkuser. Afterwards you can set the boot-start by doing the command @klischatb named: /opt/splunk/bin/splunk enable boot-start -user splunkunser
Hope this helps. Please let us know.
on the first time you start splunk, you want to start it as splunkuser (not as root).
When you want to enable boot-start you should use this command : ./splunk enable boot-start -user splunkunser
If your environment is fresh, just reinstall splunk and try this way.