cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
garrettdavidson
Engager
Member since: ‎09-14-2017
‎06-05-2020
Community Statistics
Posts 2
Solutions 0
Karma Given 0
Karma Received 6
Member Since ‎09-14-2017
Activity Feed
Topics I've Started
No posts to display.
View All

Re: Splunk install on MacOS is not working

by in Installation
‎09-14-2017 03:48 PM
‎09-14-2017 03:48 PM
@PSIPol, I just got it working, though I make no promises that my solution is a good one. ... View more

Re: Splunk install on MacOS is not working

by in Installation
‎09-14-2017 03:02 PM
6 Karma
‎09-14-2017 03:02 PM
6 Karma
Are you running the High Sierra beta? I'm on the beta and seeing the same issue. Update: Just did some poking around and made some progress. I noticed that the error is coming from /Applications/Splunk/lib/libz.1.dylib . Going there, I discovered that the offending library is an alias to lib.1.2.8.dylib in the same folder. I replaced this alias with an alias to /usr/lib/libz.1.dylib (which is aliased to by /usr/lib/libz.1.2.8.dylib ). This got past the original error and ./splunk ftr succeeded. However, now I'm getting the following: ➜ ~ /Applications/Splunk/bin/splunk start Splunk> The IT Search Engine. Checking prerequisites... Checking http port [8000]: open Checking mgmt port [8089]: open Checking appserver port [127.0.0.1:8065]: open Checking kvstore port [8191]: open Checking configuration... Done. Creating: /Applications/Splunk/var/lib/splunk Creating: /Applications/Splunk/var/run/splunk Creating: /Applications/Splunk/var/run/splunk/appserver/i18n Creating: /Applications/Splunk/var/run/splunk/appserver/modules/static/css Creating: /Applications/Splunk/var/run/splunk/upload Creating: /Applications/Splunk/var/spool/splunk Creating: /Applications/Splunk/var/spool/dirmoncache Creating: /Applications/Splunk/var/lib/splunk/authDb Creating: /Applications/Splunk/var/lib/splunk/hashDb New certs have been generated in '/Applications/Splunk/etc/auth'. Checking critical directories... Done Checking indexes... homePath='/Applications/Splunk/var/lib/splunk/audit/db' of index=_audit on unusable filesystem. Validating databases (splunkd validatedb) failed with code '1'. If you cannot resolve the issue(s) above after consulting documentation, please file a case online at http://www.splunk.com/page/submit_issue The important part here is homePath='/Applications/Splunk/var/lib/splunk/audit/db' of index=_audit on unusable filesystem. . It appears that Splunk blindly refuses to run on an APFS partitioned disk. ¯\(ツ)/¯ Update Part 2: I got it working! Thanks to this answer, I learned that I just needed to add the line OPTIMISTIC_ABOUT_FILE_LOCKING = 1 to my /Applications/Splunk/etc/splunk-launch.conf . Doing this got Splunk to properly launch on my Mac. However, I imagine that filesystem check is there for a reason, so use at your own risk. It seems that it just has to do with file locking, so worst case is probably that you risk a corrupt Splunk database, but I can't say for sure. ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-05-2020 02:03 AM
Karma from