Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Could not determine $SPLUNK_HOME, perhaps it should be set in environment.

Dimitri_McKay
Splunk Employee
Splunk Employee
‎01-14-2013 10:46 PM

I keep getting the message 

Couldn't determine $SPLUNK_HOME, perhaps it should be set in environment

when I try to start Splunk. I made sure that my home environment has been set in /opt/splunk/etc/splunk-launch.conf, and the $SPLUNK_HOME was set correctly. How do I fix this?

Reply
1 Solution
Solved! Jump to solution
Solution

Dimitri_McKay
Splunk Employee
Splunk Employee
‎01-14-2013 10:49 PM

I had this very same challenge. Make sure you have rights to execute the splunk binary.
Test to make sure it's not a rights issue by doing a sudo to the splunk status.

sudo /opt/splunk/bin/splunk status

It will ask you for your own password (pre-supposing you are a valid user of sudo to begin with).
Once entered, Splunk should start. If it doesn't, chances are, it's a different problem.

View solution in original post

Reply
Solved! Jump to solution

Yunagi
Communicator
‎09-07-2018 03:07 AM

I realize this question is from 2013. However, I had a very similar issue today. The error message was:

ERROR: Couldn't determine $SPLUNK_HOME or $SPLUNK_ETC; perhaps one should be set in environment

I installed Splunk as follows: First, I had extracted the tgz archive on my Linux system via sudo. Then I chowned the directory to the splunk user. Then, I ran "/opt/splunk/bin/splunk enable boot-start -user splunk" via sudo. Then, I tried to "splunk start" as the splunk user. However, I received the error message above.

I noticed the following permissions on the file /opt/splunk/etc/splunk-launch.conf:

-rw-r-----  1 root   root     830 Sep  7 10:29 splunk-launch.conf

So the splunk user had no permission to read this file. So I did the following:

sudo chmod a+r /opt/splunk/etc/splunk-launch.conf
Reply
Solved! Jump to solution
Solution

Dimitri_McKay
Splunk Employee
Splunk Employee
‎01-14-2013 10:49 PM

I had this very same challenge. Make sure you have rights to execute the splunk binary.
Test to make sure it's not a rights issue by doing a sudo to the splunk status.

sudo /opt/splunk/bin/splunk status

It will ask you for your own password (pre-supposing you are a valid user of sudo to begin with).
Once entered, Splunk should start. If it doesn't, chances are, it's a different problem.

Reply
Solved! Jump to solution

optimisticBlue
New Member
‎01-15-2018 05:28 AM

Is there a method to run Splunk without needing sudo?
Software shouldn't run under sudo, or only escalate when needed (e.g. to open privileged port)

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Security Content for Threat Detection & Response, Q1 Roundup

Join Principal Threat Researcher, Michael Haag, as he walks through:An introduction to the Splunk Threat ...

Splunk Life | Happy Pride Month!

Happy Pride Month, Splunk Community! 🌈 In the United States, as well as many countries around the ...

SplunkTrust | Where Are They Now - Michael Uschmann

The Background Five years ago, Splunk published several videos showcasing members of the SplunkTrust to share ...