Monitoring Splunk
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Splunk server unable to start after upgrade to 6.2.2

hanshen
Explorer
‎04-20-2015 07:34 AM

We have splunk dev server upgrade to 6.2.2., using splunk account to start and failed, message below:

[servername:/opt/splunk/bin]$ splunk start

Splunk> The IT Search Engine.

Checking prerequisites...
Checking http port [443]: open
Checking mgmt port [8089]: open
Checking appserver port [127.0.0.1:8065]: open
Checking configuration... Done.
Checking critical directories... Done
Checking indexes...
Validated: _audit _blocksignature _internal _introspection _thefishbucket history main summary
Done
Checking filesystem compatibility... Done
Checking conf files for problems...
Done
All preliminary checks passed.

Starting splunk server daemon (splunkd)...
execve: Permission denied
while running command /usr/bin/startsrc
Splunk boot-start is enabled. please use /usr/bin/startsrc -s splunkd to start splunk

[servername:/opt/splunk/bin]$

root can start it use /usr/bin/startsrc -s splunkd to start splunk, however we would like to use splunk account to start/stop server.

What permission should splunk account have to start/stop splunk server on AIX?

Tags (1)
0 Karma
Reply

hanshen
Explorer
‎04-21-2015 07:02 AM

This is a bug in 6.2.2 in AIX per Splunk support. Defect SPL-96141, will be fixed for 6.2.3.

0 Karma
Reply

hanshen
Explorer
‎04-20-2015 08:37 AM

Is it new in 6.2.2? our prod is using 443 which is 5.x without this issue.

0 Karma
Reply

harsmarvania57
Ultra Champion
‎04-20-2015 08:45 AM

Check this it might help you http://answers.splunk.com/answers/155288/when-trying-to-start-splunk-im-getting-an-execve-permission...

0 Karma
Reply

hanshen
Explorer
‎04-20-2015 10:59 AM

Checked there is not the line below in the /etc/inittab file:
$SPLUNK_HOME/bin/splunk enable boot-start

The starting message show: Splunk boot-start is enabled.
So where to setup Splunk boot-start is enabled besides /etc/inittab file?

0 Karma
Reply

hanshen
Explorer
‎04-20-2015 11:41 AM

We have root run
/opt/splunk/bin/splunk enable boot-start -user splunk
0513-071 The splunkd Subsystem has been added.
0513-071 The splunkweb Subsystem has been added.
SRC subsystem group installed.
SRC subsystem group is configured to run at boot.

But still unluck to run as splunk user:

Splunk> Take the sh out of IT.

Checking prerequisites...
Checking http port [443]: open
Checking mgmt port [8089]: open
Checking appserver port [127.0.0.1:8065]: open
Checking configuration... Done.
Checking critical directories... Done
Checking indexes...
Validated: _audit _blocksignature _internal _introspection _thefishbucket history main summary
Done
Checking filesystem compatibility... Done
Checking conf files for problems...
Done
All preliminary checks passed.

Starting splunk server daemon (splunkd)...
execve: Permission denied
while running command /usr/bin/startsrc
Splunk boot-start is enabled. please use /usr/bin/startsrc -s splunkd to start splunk

0 Karma
Reply

harsmarvania57
Ultra Champion
‎04-20-2015 08:22 AM

You have given webport as 443 and < 1024 port will be bind by root user only. If you want to start splunk as splunk user then use > 1024 port for splunk web.

0 Karma
Reply

Raghav2384
Motivator
‎04-20-2015 07:48 AM

Trying owning /opt/splunk for splunk user and splunk group and try

0 Karma
Reply

hanshen
Explorer
‎04-20-2015 07:51 AM

Yes, this has been verified...

0 Karma
Reply
Get Updates on the Splunk Community!

How to Monitor Google Kubernetes Engine (GKE)

We’ve looked at how to integrate Kubernetes environments with Splunk Observability Cloud, but what about ...

Index This | How can you make 45 using only 4?

October 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with this ...

Splunk Education Goes to Washington | Splunk GovSummit 2024

If you’re in the Washington, D.C. area, this is your opportunity to take your career and Splunk skills to the ...