Hi, I'm pretty new to splunk and hoped to gain some more experience by attempting to complete the Boss of the SOC v3 challenge. I have splunk installed on Ubuntu per the instructions on the github page. I have also downloaded and extracted the dataset but when I try to start splunk again, i get the following error message:
homePath='/opt/splunk/etc/apps/botsv3_data_set/var/lib/splunk/botsv3/db' of index=_botsv3 on unusable filesystem.
Validating databases (splunkd validatedb) failed with code '1'. If you cannot resolve the issue(s) above after consulting documentation, please file a case online at http://www.splunk.com/page/submit_issue
I've already changed the splunk-launch.conf file by adding the OPTIMISTIC_ABOUT_FILE_LOCKING = 1 but I still get the same message. Any tips on resolving this issue?
... View more