Re: Why am I getting an error with MAC even after ...

ZeinaIbrahim7 · ‎01-28-2018

Can someone please help me fix this issue. I am trying to install Splunk on my Mac OS High Sierra 10.13 but have been getting this:

homePath='/Applications/Splunk/var/lib/splunk/audit/db' of index=_audit on unusable filesystem.

Validating databases (splunkd validatedb) failed with code '1'. If you cannot resolve the issue(s) above after consulting documentation, please file a case online at http://www.splunk.com/page/submit_issue

I have tried to append OPTIMISTIC_ABOUT_FILE_LOCKING = 1to the splunk-launch.conf but it doesn't seem to make a difference.

Can someone please help?

Any help would be greatly appreciated.

Thanks

skoelpin · ‎01-28-2018

I've been running Splunk on Mac for years with no issues.

This may help.. I would run it in a test environment first before applying in production

https://answers.splunk.com/answers/585512/importerror-symbol-not-found-inflatevalidate-when.html

ZeinaIbrahim7 · ‎01-29-2018

Hi,
Thanks for your answer. I tried running the sudo commands as suggested in your link and I get this message:
rm: /opt/splunk/lib/libz.1.dylib: No such file or directory

This is strange because I can see the file libs.1.dylib but it still says that it doesn't exist.
Running out of ideas about how to fix this and start using Splunk...

skoelpin · ‎01-29-2018

Your Splunk home path is under /Applications/Splunk/ and you are trying under /opt/splunk. Change your directory to hit your home path

skoelpin · ‎02-01-2018

Did this work for you? @ZeinaIbrahim7

Why am I getting an error installing Splunk on Mac OS High Sierra 10.13, even after adding OPTIMISTIC?

Mac

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

They're back! Join the SplunkTrust and MVP at .conf24

Enterprise Security Content Update (ESCU) | New Releases