Splunk Enterprise

In Splunk Free 7.2.1, how come the system directory is missing?

allison9001
Engager

Hello,

I've got a CentOS 7 VM with a 7.2.1 Splunk Free instance installed. The following directory, which I need to edit confs in, is missing: $SPLUNK_HOME/etc/system.

Here is what I get in $SPLUNK_HOME/etc/:


adjtime                  hosts.allow               protocols
aliases                  hosts.deny                python
aliases.db               init.d                    rc0.d
alternatives             inittab                   rc1.d
anacrontab               inputrc                   rc2.d
asound.conf              iproute2                  rc3.d
audisp                   issue                     rc4.d
audit                    issue.net                 rc5.d
bash_completion.d        kdump.conf                rc6.d
bashrc                   kernel                    rc.d
binfmt.d                 krb5.conf                 rc.local
centos-release           krb5.conf.d               redhat-release
centos-release-upstream  ld.so.cache               resolv.conf
chkconfig.d              ld.so.conf                resolv.conf.save
chrony.conf              ld.so.conf.d              rpc
chrony.keys              libaudit.conf             rpm
cron.d                   libnl                     rsyslog.conf
cron.daily               libuser.conf              rsyslog.d
cron.deny                locale.conf               rwtab
cron.hourly              localtime                 rwtab.d
cron.monthly             login.defs                sasl2
crontab                  logrotate.conf            securetty
cron.weekly              logrotate.d               security
crypttab                 lvm                       selinux
csh.cshrc                machine-id                services
csh.login                magic                     sestatus.conf
dbus-1                   makedumpfile.conf.sample  shadow
default                  man_db.conf               shadow-
depmod.d                 mke2fs.conf               shells
dhcp                     modprobe.d                skel
DIR_COLORS               modules-load.d            ssh
DIR_COLORS.256color      motd                      ssl
DIR_COLORS.lightbgcolor  mtab                      statetab
dracut.conf              my.cnf                    statetab.d
dracut.conf.d            my.cnf.d                  subgid
e2fsck.conf              NetworkManager            subuid
environment              networks                  sudo.conf
ethertypes               nsswitch.conf             sudoers
exports                  nsswitch.conf.bak         sudoers.d
favicon.png              ntp                       sudo-ldap.conf
filesystems              ntp.conf                  sysconfig
firewalld                openldap                  sysctl.conf
fstab                    opt                       sysctl.d
gcrypt                   os-release                systemd
GeoIP.conf               pam.d                     system-release
GeoIP.conf.default       passwd                    system-release-cpe
gnupg                    passwd-                   terminfo
GREP_COLORS              pkcs11                    tmpfiles.d
groff                    pki                       tuned
group                    plymouth                  udev
group-                   pm                        vconsole.conf
grub2.cfg                polkit-1                  virc
grub.d                   popt.d                    wpa_supplicant
gshadow                  postfix                   X11
gshadow-                 ppp                       xdg
gss                      prelink.conf.d            xinetd.d
host.conf                printcap                  yum
hostname                 profile                   yum.conf
hosts                    profile.d                 yum.repos.d
0 Karma
1 Solution

martin_mueller
SplunkTrust

The directory you listed was /etc, indicating your $SPLUNK_HOME wasn't set correctly. /opt/splunk/etc/ is usually the correct location, as you've already found out.

allison9001
Engager

I wound up figuring this out. The reason I needed access to this directory was to set admin credentials after a fresh install. All of the tutorials I found on Splunk docs or forums said it was in $SPLUNK_HOME, but I found the /system/local/ directory in /opt/splunk/etc/ and added the user-seed.conf file here.

IDK if this is unique to Splunk light, but it worked and I can now login to my web interface.

0 Karma
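The check this thread comes down to, as an added example that is not part of the original posts or Splunk's own tooling: confirm that the Splunk home really contains etc/system before touching it, then write user-seed.conf with owner-only permissions. The function names are hypothetical, the /opt/splunk fallback is taken from the accepted answer, and the `[user_info]` stanza with `USERNAME` and `PASSWORD` is the documented user-seed.conf format.

```shell
# Added example; resolve_splunk_home and write_user_seed are hypothetical names.

# Print the Splunk home directory, or fail if it cannot be confirmed.
# With SPLUNK_HOME unset, "$SPLUNK_HOME/etc" expands to "/etc", which is
# how the question ended up listing the operating system's /etc.
resolve_splunk_home() {
    home="${SPLUNK_HOME:-/opt/splunk}"   # fallback path from the accepted answer
    if [ ! -d "$home/etc/system" ]; then
        echo "no etc/system under '$home'; check SPLUNK_HOME" >&2
        return 1
    fi
    printf '%s\n' "$home"
}

# Write etc/system/local/user-seed.conf readable by its owner only.
# The password comes from stdin so it never shows up in argv or shell history.
# Splunk ignores user-seed.conf when $SPLUNK_HOME/etc/passwd already exists.
write_user_seed() {
    home="$(resolve_splunk_home)" || return 1
    user="${1:-}"
    password=""
    IFS= read -r password || [ -n "$password" ] || return 1
    if [ -z "$user" ] || [ -z "$password" ]; then
        echo "empty username or password" >&2
        return 1
    fi
    seed="$home/etc/system/local/user-seed.conf"
    mkdir -p "$home/etc/system/local" || return 1
    (
        umask 077   # a newly created file gets mode 600
        printf '[user_info]\nUSERNAME = %s\nPASSWORD = %s\n' \
            "$user" "$password" > "$seed"
    ) || return 1
    chmod 600 "$seed" || return 1   # also tightens a pre-existing file
    printf '%s\n' "$seed"
}
```

Call it as `write_user_seed admin` and type or pipe the password on stdin, then restart Splunk so the seed file is read.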