Security
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

bootstart user

VijaySrrie
Builder
‎01-29-2020 06:09 AM

Hi,

After rebooting the server when I checked splunk services were not running. So I tried to start the splunk services, but getting the below error

this command can only be run by bootstart user

Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

nickhills
Ultra Champion
‎01-29-2020 06:14 AM

Assuming linux, and you have sudo access and your server should run as splunk.

sudo su splunk -
/opt/splunk/bin splunk start
If my comment helps, please give it a thumbs up!

View solution in original post

0 Karma
Reply
Solved! Jump to solution

VijaySrrie
Builder
‎01-29-2020 07:00 AM

/etc/init.d/splunk start used to work running as the root user and we're trying to troubleshoot why it suddenly stopped working?

0 Karma
Reply
Solved! Jump to solution

gfreitas
Builder
‎01-29-2020 07:13 AM

I'd recommend you check splunk-launch.conf for the user, su to the user: su <user> and then run /opt/splunk/bin/splunk start and see what error messages it shows (if any) and please note I assumed Splunk is installed under /opt/splunk

0 Karma
Reply
Solved! Jump to solution

VijaySrrie
Builder
‎01-29-2020 09:04 AM

Hi,

Issue was fixed 2 days back after restarting the splunk from /opt/splunk/bin
But we always start, stop the splunk services in /etc/init.d location, after rebooting the server and when we tried to start the service in /etc/init.d it was throwing error like "the command can only be run by bootstart user". Then I started the service in /opt/splunk/bin and it got restarted. Now, I am just curious to know why it was not working under /etc/init.d ???

0 Karma
Reply
Solved! Jump to solution

nickhills
Ultra Champion
‎01-29-2020 07:05 AM

is your server using systemd?

If my comment helps, please give it a thumbs up!
0 Karma
Reply
Solved! Jump to solution
Solution

nickhills
Ultra Champion
‎01-29-2020 06:14 AM

Assuming linux, and you have sudo access and your server should run as splunk.

sudo su splunk -
/opt/splunk/bin splunk start
If my comment helps, please give it a thumbs up!
0 Karma
Reply
Solved! Jump to solution

gfreitas
Builder
‎01-29-2020 06:12 AM

Check inside splunk-launch.conf for SPLUNK_OS_USER then su to this user and start the Splunk service

0 Karma
Reply
Get Updates on the Splunk Community!

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

If you’ve ever deployed a new database cluster, spun up a caching layer, or added a load balancer, you know it ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Financial fraud isn't slowing down. If anything, it's getting more sophisticated. Account takeovers, credit ...

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

 Are you tired of troubleshooting delays caused by siloed frontend, application, and network data? We've got a ...