Splunk Enterprise
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to undo a mistake made while trying to create an index and the CLI?

OgoSplunk
Path Finder
‎12-11-2022 03:56 PM

Hi,

I've been learning Splunk on my free time and at the part of my lesson that is teaching me how to add a splunk index via the CLI. I think I made a mistake with either the stanza or the key values can someone possibly help me out with this one?

 

Splunk> 4TW

Checking prerequisites...
Checking http port [8000]: open
Checking mgmt port [8089]: open
Checking appserver port [127.0.0.1:8065]: open
Checking kvstore port [8191]: open
Checking configuration... Done.
Checking critical directories... Done
Checking indexes...
Problem parsing indexes.conf: Cannot load IndexConfig: stanza=security Required parameter=homePath not configured
Validating databases (splunkd validatedb) failed with code '1'. If you cannot resolve the issue(s) above after consulting documentation, please file a case online at http://www.splunk.com/page/submit_issue
$

 

Labels (2)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

richgalloway
SplunkTrust
SplunkTrust
‎12-11-2022 05:20 PM

Fix it by editing the $SPLUNK_HOME/etc/system/local/indexes.conf file using your favorite text editor.  The [security] stanza should be near the bottom.  Add the homePath setting and make sure other required settings are present as well.  Save the file then run

splunk btool check

to verify all is well.  If no errors are returned then you should be able to start Splunk successfully.

 

---
If this reply helps you, Karma would be appreciated.

View solution in original post

Reply
Solved! Jump to solution
Solution

richgalloway
SplunkTrust
SplunkTrust
‎12-11-2022 05:20 PM

Fix it by editing the $SPLUNK_HOME/etc/system/local/indexes.conf file using your favorite text editor.  The [security] stanza should be near the bottom.  Add the homePath setting and make sure other required settings are present as well.  Save the file then run

splunk btool check

to verify all is well.  If no errors are returned then you should be able to start Splunk successfully.

 

---
If this reply helps you, Karma would be appreciated.
Reply
Solved! Jump to solution

OgoSplunk
Path Finder
‎12-12-2022 07:28 AM

Thanks for the help I'll try this out next time. I ended up just reinstalling splunk out of frustration right before you responded. I'll pass you karma for the efforts. 

0 Karma
Reply
Get Updates on the Splunk Community!

Accelerating Observability as Code with the Splunk AI Assistant

We’ve seen in previous posts what Observability as Code (OaC) is and how it’s now essential for managing ...

Integrating Splunk Search API and Quarto to Create Reproducible Investigation ...

 Splunk is More Than Just the Web Console For Digital Forensics and Incident Response (DFIR) practitioners, ...

Congratulations to the 2025-2026 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...