Splunk Enterprise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Splunk first setup failure

anshulfk
New Member
‎01-20-2018 02:36 AM

Hi,
I am getting following error while trying to install Splunk.

~/Downloads/splunk/bin:ruby-2.3.1@marketplace: [14:27:02]$ pwd
/Users/anshulgoyal/Downloads/splunk/bin

~/Downloads/splunk/bin:ruby-2.3.1@marketplace: [14:27:03]$ ./splunk start --accept-license
This appears to be your first time running this version of Splunk.
Traceback (most recent call last):
File "/Users/anshulgoyal/Downloads/splunk/lib/python2.7/site-packages/splunk/clilib/cli.py", line 17, in <module>
import splunk.clilib.cli_common as comm
File "/Users/anshulgoyal/Downloads/splunk/lib/python2.7/site-packages/splunk/clilib/cli_common.py", line 10, in <module>
from xml.sax import saxutils
File "/Users/anshulgoyal/Downloads/splunk/lib/python2.7/xml/sax/saxutils.py", line 6, in <module>
import os, urlparse, urllib, types
File "/Users/anshulgoyal/Downloads/splunk/lib/python2.7/urllib.py", line 1399, in <module>
from _scproxy import _get_proxy_settings, _get_proxies
ImportError: dlopen(/Users/anshulgoyal/Downloads/splunk/lib/python2.7/lib-dynload/_scproxy.so, 2): Symbol not found: _inflateValidate
Referenced from: /System/Library/Frameworks/ImageIO.framework/Versions/A/Resources/libPng.dylib
Expected in: /Users/anshulgoyal/Downloads/splunk/lib/libz.1.dylib
in /System/Library/Frameworks/ImageIO.framework/Versions/A/Resources/libPng.dylib
~/Downloads/splunk/bin:ruby-2.3.1@marketplace: [14:27:05]$
System details :
uname -a
Darwin anshuls-MacBook-Pro-2.local 17.3.0 Darwin Kernel Version 17.3.0: Thu Nov 9 18:09:22 PST 2017; root:xnu-4570.31.3~1/RELEASE_X86_64 x86_64

Please help me on this, as I unable to proceed further in this course because of this issue.
Here is the Splunk tar file name(and its version) and its checksum.

~/Downloads/splunk/bin:ruby-2.3.1@marketplace: [14:31:28]$ cksum ~/Downloads/splunk-6.2.2-255606-darwin-64.tgz
1576605186 90598728 /Users/anshulgoyal/Downloads/splunk-6.2.2-255606-darwin-64.tgz

I also checked answers/585512/importerror-symbol-not-found-inflatevalidate-when.html, but that did not fix my problem.

~/Downloads/splunk/bin:ruby-2.3.1@marketplace: [14:31:31]$  sudo rm /opt/splunk/lib/libz.1.dylib
Password:
rm: /opt/splunk/lib/libz.1.dylib: No such file or directory
~/Downloads/splunk/bin:ruby-2.3.1@marketplace: [15:58:46]$ 
~/Downloads/splunk/bin:ruby-2.3.1@marketplace: [15:58:52]$  sudo cp /usr/lib/libz.1.dylib /opt/splunk/lib/libz.1.dylib
cp: /opt/splunk/lib/libz.1.dylib: No such file or directory

Thanks,
Anshul

PS: not much aware of splunk products, so I have selected splunk light.

0 Karma
Reply

skoelpin
SplunkTrust
SplunkTrust
‎01-20-2018 04:34 PM

If your downloading Splunk to ~/Downloads/splunk/ then why are you deleting stuff in opt/splunk?

What problem are you facing? Splunk not installing or starting?

0 Karma
Reply

anshulfk
New Member
‎01-21-2018 02:13 AM

I am not sure if it is installing or starting. I assume on first 'start' it 'installs' and that is failing.
I have been able to download the tar file and then unzip it.

Thanks, for the hint. I have been able to move past this error. Now I am facing another error.

~/Downloads/splunk:ruby-2.3.1@marketplace: [15:38:27]$ sudo rm lib/libz.1.dylib
Password:
~/Downloads/splunk:ruby-2.3.1@marketplace: [15:39:12]$ sudo cp /usr/lib/libz.1.dylib lib/libz.1.dylib
~/Downloads/splunk:ruby-2.3.1@marketplace: [15:39:39]$ cd bin/
~/Downloads/splunk/bin:ruby-2.3.1@marketplace: [15:39:42]$ ./splunk start --accept-license

This appears to be your first time running this version of Splunk.
Copying '/Users/anshulgoyal/Downloads/splunk/etc/openldap/ldap.conf.default' to '/Users/anshulgoyal/Downloads/splunk/etc/openldap/ldap.conf'.
Generating RSA private key, 1024 bit long modulus
..................++++++
........++++++
e is 65537 (0x10001)
writing RSA key

Generating RSA private key, 1024 bit long modulus
.................++++++
.........................++++++
e is 65537 (0x10001)
writing RSA key

Moving '/Users/anshulgoyal/Downloads/splunk/share/splunk/search_mrsparkle/modules.new' to '/Users/anshulgoyal/Downloads/splunk/share/splunk/search_mrsparkle/modules'.
dyld: Library not loaded: /Users/eserv/wrangler/build-home/6.2.2/lib/libmongoc-1.0.0.dylib
  Referenced from: /Users/anshulgoyal/Downloads/splunk/bin/splunkd
  Reason: image not found
dyld: Library not loaded: /Users/eserv/wrangler/build-home/6.2.2/lib/libmongoc-1.0.0.dylib
  Referenced from: /Users/anshulgoyal/Downloads/splunk/bin/splunkd
  Reason: image not found
dyld: Library not loaded: /Users/eserv/wrangler/build-home/6.2.2/lib/libmongoc-1.0.0.dylib
  Referenced from: /Users/anshulgoyal/Downloads/splunk/bin/splunkd
  Reason: image not found
Did not find "disabled" setting of "kvstore" stanza in server bundle.

Splunk> All batbelt. No tights.

Checking prerequisites...
dyld: Library not loaded: /Users/eserv/wrangler/build-home/6.2.2/lib/libmongoc-1.0.0.dylib
  Referenced from: /Users/anshulgoyal/Downloads/splunk/bin/splunkd
  Reason: image not found
  Checking mgmt port [8089]: dyld: Library not loaded: /Users/eserv/wrangler/build-home/6.2.2/lib/libmongoc-1.0.0.dylib
  Referenced from: /Users/anshulgoyal/Downloads/splunk/bin/splunkd
  Reason: image not found
open
  Checking configuration...  Done.
    Creating: /Users/anshulgoyal/Downloads/splunk/var/lib/splunk
    Creating: /Users/anshulgoyal/Downloads/splunk/var/run/splunk
    Creating: /Users/anshulgoyal/Downloads/splunk/var/run/splunk/appserver/i18n
    Creating: /Users/anshulgoyal/Downloads/splunk/var/run/splunk/appserver/modules/static/css
    Creating: /Users/anshulgoyal/Downloads/splunk/var/run/splunk/upload
    Creating: /Users/anshulgoyal/Downloads/splunk/var/spool/splunk
    Creating: /Users/anshulgoyal/Downloads/splunk/var/spool/dirmoncache
    Creating: /Users/anshulgoyal/Downloads/splunk/var/lib/splunk/authDb
    Creating: /Users/anshulgoyal/Downloads/splunk/var/lib/splunk/hashDb
  Checking critical directories...  Done
  Checking indexes...
homePath='/Users/anshulgoyal/Downloads/splunk/var/lib/splunk/audit/db' of index=_audit on unusable filesystem.
Validating databases (splunkd validatedb) failed with code '1'.  If you cannot resolve the issue(s) above after consulting documentation, please file a case online at http://www.splunk.com/page/submit_issue
0 Karma
Reply

jrballesteros05
Communicator
‎01-20-2018 12:49 PM

Hi, as I see you are trying to install Splunk on MacOS right?

You should follow these steps:

http://docs.splunk.com/Documentation/Splunk/7.0.1/Installation/InstallonMacOS

Reply
Get Updates on the Splunk Community!

Infographic provides the TL;DR for the 2024 Splunk Career Impact Report

We’ve been buzzing with excitement about the recent validation of Splunk Education! The 2024 Splunk Career ...

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...