Deployment Architecture

Where is splunk installed on Linux?


I am trying to create a package for my app. I am using a linux server where splunk is installed. as i got the information from this portal, i open the directory /opt/splunk/etc/apps/framework and execute the command ./splunkdj package App_name. when i execute the command, it asks me Where is Splunk installed (version 5.0 or later is required)? []:

I am confused which path i should give here. I tried using the path $splunk_home$/bin , but no luck. Please suggest

Tags (3)
0 Karma

Splunk Employee
Splunk Employee

You need to to the Home path of the Splunk it is located in /opt/Splunk and you need to execute all the scripts in the /opt/splunk/bin ./splunk package name.
the home path is always referred to /opt/splunk or where ever the splunk is been installed.

0 Karma

New Member

not working


0 Karma


This should identify locations of Splunk Enterprise or Splunk Universal Forwarders. I've only tested on Linux.

# using locate command (very fast if available)
locate --regex "splunk(forwarder)?/var/log/splunk/splunkd.log$" | awk -F "/var" '{print $1}'

# using find command
find / -type f -name "splunkd.log" 2>/dev/null | awk -F "/var" '{print $1}'

Splunk Employee
Splunk Employee

Since you said you open /opt/splunk/etc/apps/framework, I assume the path you're looking for is just /opt/splunk. Normally $SPLUNK_HOME is set to the root splunk directory.

You could also try to do

echo $splunk_home



to see if those bash variables are acutally set (they are case sensitive).


I resolved it this way (Debian OS):

ls -la
remove the .splunkhome file
run again ./splunkdj setup
insert /opt/splunk when asked where is installed Splunk.

Skender K.

0 Karma

Revered Legend

Go to path /opt/splunk/bin and then execute ./splunk package App_name OR simple just execute /opt/splunk/bin/splunk package App_name


Thanks , i tried with /opt/splunk , but i am getting the message that "/opt/splunk is directory , please give valid path" when i checked with echo $SPLUNK_HOME , i am getting blank response.

0 Karma



/opt/splunk/bin/splunk envvars


Get Updates on the Splunk Community!

Detecting Remote Code Executions With the Splunk Threat Research Team

WATCH NOWRemote code execution (RCE) vulnerabilities pose a significant risk to organizations. If exploited, ...

Enter the Splunk Community Dashboard Challenge for Your Chance to Win!

The Splunk Community Dashboard Challenge is underway! This is your chance to showcase your skills in creating ...

.conf24 | Session Scheduler is Live!!

.conf24 is happening June 11 - 14 in Las Vegas, and we are thrilled to announce that the conference catalog ...