| rest /services/authentication/users splunk_server=* | fields title, realname, splunk_server, last_successful_login | fillnull value=0 | eval days = now()-last_successful_login | where days < 2592000 | table title, realname, splunk_server, last_successful_login | convert ctime(last_successful_login) ... View more

 ++ Apologies, I missed to add a step ; reposting the same  =========================================== For the cp: cannot stat '/opt/splunk/etc/regid.2001-12.com.splunk-Splunk-Enterprise.swidtag': No such file or directory Issue, I've workaround solution : While installing 8.1.1 in ubuntu, we could see the error : Setting up splunk (8.1.1) ... cp: cannot stat '/opt/splunk/etc/regid.2001-12.com.splunk-Splunk-Enterprise.swidtag': No such file or directory complete And when I checked, I could see a folder /opt/splunk/swidtag/  and a file "splunk-Splunk-Enterprise-primary.swidtag" I copied it to "/opt/splunk/etc/"  and  renamed it to "regid.2001-12.com.splunk-Splunk-Enterprise.swidtag'"  Change Owner of the file :  /opt/splunk/etc# chown splunk:splunk regid.2001-12.com.splunk-Splunk-Enterprise.swidtag Install again and it Worked!! sudo dpkg -i splunk-8.1.1-08187535c166-linux-2.6-amd64.deb (Reading database ... 265846 files and directories currently installed.) Preparing to unpack splunk-8.1.1-08187535c166-linux-2.6-amd64.deb ... This looks like an upgrade of an existing Splunk Server. Attempting to stop the installed Splunk Server... splunkd is not running. Unpacking splunk (8.1.1) over (8.1.1) ... Setting up splunk (8.1.1) ... complete   ... View more

++ Apologies, I missed to add a step ; reposting the same  =========================================== I faced same issue while installing 8.1.1 in ubuntu.  Setting up splunk (8.1.1) ... cp: cannot stat '/opt/splunk/etc/regid.2001-12.com.splunk-Splunk-Enterprise.swidtag': No such file or directory complete And when I checked, I could see a folder /opt/splunk/swidtag/  and a file "splunk-Splunk-Enterprise-primary.swidtag" I copied it to "/opt/splunk/etc/"  and  renamed it to "regid.2001-12.com.splunk-Splunk-Enterprise.swidtag'"  Change Owner of the file :  /opt/splunk/etc# chown splunk:splunk regid.2001-12.com.splunk-Splunk-Enterprise.swidtag Install again and it Worked!! sudo dpkg -i splunk-8.1.1-08187535c166-linux-2.6-amd64.deb (Reading database ... 265846 files and directories currently installed.) Preparing to unpack splunk-8.1.1-08187535c166-linux-2.6-amd64.deb ... This looks like an upgrade of an existing Splunk Server. Attempting to stop the installed Splunk Server... splunkd is not running. Unpacking splunk (8.1.1) over (8.1.1) ... Setting up splunk (8.1.1) ... complete ... View more

++ Apologies, I missed to add a step ; reposting the same  =========================================== I faced same issue while installing 8.1.1 in ubuntu.  Setting up splunk (8.1.1) ... cp: cannot stat '/opt/splunk/etc/regid.2001-12.com.splunk-Splunk-Enterprise.swidtag': No such file or directory complete And we I checked, I could see a folder /opt/splunk/swidtag/  and a file "splunk-Splunk-Enterprise-primary.swidtag" I copied it to "/opt/splunk/etc/"  and  renamed it to "regid.2001-12.com.splunk-Splunk-Enterprise.swidtag'"  Change Owner of the file :  /opt/splunk/etc# chown splunk:splunk regid.2001-12.com.splunk-Splunk-Enterprise.swidtag Install again and it Worked!! sudo dpkg -i splunk-8.1.1-08187535c166-linux-2.6-amd64.deb (Reading database ... 265846 files and directories currently installed.) Preparing to unpack splunk-8.1.1-08187535c166-linux-2.6-amd64.deb ... This looks like an upgrade of an existing Splunk Server. Attempting to stop the installed Splunk Server... splunkd is not running. Unpacking splunk (8.1.1) over (8.1.1) ... Setting up splunk (8.1.1) ... complete ... View more

For the cp: cannot stat '/opt/splunk/etc/regid.2001-12.com.splunk-Splunk-Enterprise.swidtag': No such file or directory Issue, I've workaround solution :  While installing in ubuntu, we could see the error :  Setting up splunk (8.1.1) ... cp: cannot stat '/opt/splunk/etc/regid.2001-12.com.splunk-Splunk-Enterprise.swidtag': No such file or directory complete And when I checked, I could see a folder /opt/splunk/swidtag/  and a file "splunk-Splunk-Enterprise-primary.swidtag" I copied it to "/opt/splunk/etc/"  and  renamed it to "regid.2001-12.com.splunk-Splunk-Enterprise.swidtag'"    Install again and it Worked!! sudo dpkg -i splunk-8.1.1-08187535c166-linux-2.6-amd64.deb (Reading database ... 265846 files and directories currently installed.) Preparing to unpack splunk-8.1.1-08187535c166-linux-2.6-amd64.deb ... This looks like an upgrade of an existing Splunk Server. Attempting to stop the installed Splunk Server... splunkd is not running. Unpacking splunk (8.1.1) over (8.1.1) ... Setting up splunk (8.1.1) ... complete ... View more

I faced same issue while installing 8.1.1 in ubuntu.  Setting up splunk (8.1.1) ... cp: cannot stat '/opt/splunk/etc/regid.2001-12.com.splunk-Splunk-Enterprise.swidtag': No such file or directory complete And we I checked, I could see a folder /opt/splunk/swidtag/  and a file "splunk-Splunk-Enterprise-primary.swidtag" I copied it to "/opt/splunk/etc/"  and  renamed it to "regid.2001-12.com.splunk-Splunk-Enterprise.swidtag'"    Install again and it Worked!! sudo dpkg -i splunk-8.1.1-08187535c166-linux-2.6-amd64.deb (Reading database ... 265846 files and directories currently installed.) Preparing to unpack splunk-8.1.1-08187535c166-linux-2.6-amd64.deb ... This looks like an upgrade of an existing Splunk Server. Attempting to stop the installed Splunk Server... splunkd is not running. Unpacking splunk (8.1.1) over (8.1.1) ... Setting up splunk (8.1.1) ... complete ... View more

I faced same issue while installing 8.1.1 in ubuntu.  Setting up splunk (8.1.1) ... cp: cannot stat '/opt/splunk/etc/regid.2001-12.com.splunk-Splunk-Enterprise.swidtag': No such file or directory complete And we I checked, I could see a folder /opt/splunk/swidtag/  and a file "splunk-Splunk-Enterprise-primary.swidtag" I copied it to "/opt/splunk/etc/"  and  renamed it to "regid.2001-12.com.splunk-Splunk-Enterprise.swidtag'"    And it Worked!! sudo dpkg -i splunk-8.1.1-08187535c166-linux-2.6-amd64.deb (Reading database ... 265846 files and directories currently installed.) Preparing to unpack splunk-8.1.1-08187535c166-linux-2.6-amd64.deb ... This looks like an upgrade of an existing Splunk Server. Attempting to stop the installed Splunk Server... splunkd is not running. Unpacking splunk (8.1.1) over (8.1.1) ... Setting up splunk (8.1.1) ... complete thanks to @ljonsson ... View more

Hey @harig86  I suggest you to extract the package using 7zip and put it under $SPLUNK_HOME/etc/apps/ Then splunk restart.  It would work fine without any error.  I suspect that it would kindoff read permission issue in package.   ... View more

Step 1 : Login to Splunk localhost account and Navigate to Settings > Server Settings > Email Settings Step 2 : Email Settings - Mail host : Provide the smtp server details and port smtp.gmail.com:587 for Gmail smtp.mail.yahoo.com:587 for Yahoo - Email Security : Enable TLS - User name : Provide your personal mail ID - Password : Provide your personal mail password / App PASSCODE Here we need to understand few things. The personal mail account could have multi factor authentications. Combinations of password and OTP etc.. This could reject Splunk to use the mail account we had assigned. So we could assign an App Passcode for authentication and things made easier. Reference : configure_app_passcode ... View more