Splunk Enterprise
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Solved! Jump to solution

restarting Splunk forwarder on Linux

splunktrainingu
Communicator
‎12-21-2020 05:00 PM

Hello the issue I am having is with the following command:

 

./splunk restart

 

  

When I try to restart I get the following message:

 

As Su user:
Failed to run splunk as SPLUNK_OS_USER. This command can only be run by bootstart user.

without su user:
please run 'splunk ftr' as boot-start user

 

 

I am not understanding what it is asking me to do...

 

I want to mention that puppet is the tool we use to deploy the UF to our linux servers. I am trying to restart the UF because I want to see if the linux server will  use the splunk server as a deploymentserver by adding a deploymentclient.conf file to SplunkUniversalForwarder/etc/system/local.

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

scelikok
SplunkTrust
SplunkTrust
‎12-21-2020 09:08 PM

@splunktrainingu,

Please check splunk-launch.conf for SPLUNK_OS_USER then su to this user and start the Splunk service like below; (assuming SPLUNK_OS_USER is splunk)

sudo su splunk -
/opt/splunk/bin splunk start

 

If this reply helps you upvote is appreciated.

If this reply helps you an upvote and "Accept as Solution" is appreciated.

View solution in original post

Reply
Solved! Jump to solution
Solution

scelikok
SplunkTrust
SplunkTrust
‎12-21-2020 09:08 PM

@splunktrainingu,

Please check splunk-launch.conf for SPLUNK_OS_USER then su to this user and start the Splunk service like below; (assuming SPLUNK_OS_USER is splunk)

sudo su splunk -
/opt/splunk/bin splunk start

 

If this reply helps you upvote is appreciated.

If this reply helps you an upvote and "Accept as Solution" is appreciated.
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

How to find the worst searches in your Splunk environment and how to fix them

Everyone knows Splunk is a powerful platform for running searches and doing data analytics. Your ...

Share Your Feedback: On Admin Config Service (ACS)!

Help Us Build a Better Admin Config Service Experience (ACS)   We Want Your Feedback on Admin Config Service ...

Build the Future of Agentic AI: Join the Splunk Agentic Ops Hackathon

AI is changing how teams investigate incidents, detect threats, automate workflows, and build intelligent ...