Solved: restarting Splunk forwarder on Linux

splunktrainingu · ‎12-21-2020

Hello the issue I am having is with the following command:

./splunk restart

When I try to restart I get the following message:

As Su user:
Failed to run splunk as SPLUNK_OS_USER. This command can only be run by bootstart user.

without su user:
please run 'splunk ftr' as boot-start user

I am not understanding what it is asking me to do...

I want to mention that puppet is the tool we use to deploy the UF to our linux servers. I am trying to restart the UF because I want to see if the linux server will use the splunk server as a deploymentserver by adding a deploymentclient.conf file to SplunkUniversalForwarder/etc/system/local.

scelikok · ‎12-21-2020

@splunktrainingu,

Please check splunk-launch.conf for SPLUNK_OS_USER then su to this user and start the Splunk service like below; (assuming SPLUNK_OS_USER is splunk)

sudo su splunk -
/opt/splunk/bin splunk start

If this reply helps you upvote is appreciated.

If this reply helps you an upvote and "Accept as Solution" is appreciated.

View solution in original post

scelikok · ‎12-21-2020

@splunktrainingu,

Please check splunk-launch.conf for SPLUNK_OS_USER then su to this user and start the Splunk service like below; (assuming SPLUNK_OS_USER is splunk)

sudo su splunk -
/opt/splunk/bin splunk start

If this reply helps you upvote is appreciated.

If this reply helps you an upvote and "Accept as Solution" is appreciated.

restarting Splunk forwarder on Linux

configuration

troubleshooting

using Splunk Enterprise

Announcing Scheduled Export GA for Dashboard Studio

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!