This documentation does not apply to the most recent version of Splunk.
This documentation applies to the following versions of Splunk: 3.2 , 3.2.1 , 3.2.2 , 3.2.3 , 3.2.4 , 3.2.5 , 3.2.6 , 3.3 , 3.3.1 , 3.3.2 , 3.3.3 , 3.3.4 , 3.4 , 3.4.1 , 3.4.2 , 3.4.3 , 3.4.5 , 3.4.6 , 3.4.8 , 3.4.9 , 3.4.10 , 3.4.11 , 3.4.12 , 3.4.13
If you have SELinux active on your system, you must add Splunk to the list of authenticated applications that can run in your SELinux environment.
To configure SELinux to allow Splunk to run, you need to run the chcon command on the Splunk lib directory, where $SPLUNK_HOME is the path to your Splunk installation:
chcon -c -v -R -u system_u -r object_r -t lib_t $SPLUNK_HOME/lib 2>&1 > /dev/null
After you configure SELinux to allow Splunk to run, you can disable the check from occurring each time you start Splunk. To disable the SELinux check, add this line to $SPLUNK_HOME/etc/splunk-launch.conf:
SPLUNK_IGNORE_SELINUX=1
Important: Depending on the SELinux distribution, if you turn off the check before configuring SELinux, Splunk may not function properly.