The venerable old-skool Splunk forums are now closed. Feel free to search for old content here, but new posts are no longer supported.

Instead, please visit the thriving community at answers.splunk.com to ask and answer questions about your Splunk deployment and how to get the most out of it.

Forums: SplunkGeneral: Splunk not listening to the index directory you tell it at installation.

Previous Topic: new install/batch question  |   Next Topic: Splunkd Crash when I select Custom Index from Main Page


Posts 1–4 of 4
1
posted by: tfb  |  posts
date: July 4, 2006
permalink

This is just in case no one else has noticed this - I've filed a bug.

When installing splunk on Linux, it asks you where to put the index. *But* it doesn't actually listen to what you answer properly: it does (I think) use the answer to make a new empty index directory structure, but at runtime it has forgotten where this is. So if you want to make the index be somewhere nonstandard you need to (a) tell it this at install time and (b) set SPLUNK_DB before you run splunk (in the init script or whatever) to this same place. If you don't do this, it will silently create an index under /opt/splunk, which is very bad (for instance there might not be much space there, or it might not be backed up).

While I think splunk is really a great system (way better than anything else I've seen), it *really* needs more work on deployment issues - this is far from the only really irritating deployment bug I've come across, on perfectly vanilla systems (others: doesn't make the splunk group, fails horribly to restart).

2
posted by: Joseph Reeves  |  posts
date: July 4, 2006
permalink

That bug has existed ever since 2.0 was released. I filed it back then and the developers are aware of it.

Quote:
"While I think splunk is really a great system (way better than anything else I've seen), it *really* needs more work on deployment issues - this is far from the only really irritating deployment bug I've come across, on perfectly vanilla systems (others: doesn't make the splunk group, fails horribly to restart)."

Yea, I agree. A bit more polish would really take splunk to the next level. I've personally found a number of cross platform and even cross linux distro problems over the past 7 months that I've been working with splunk.

3
posted by: erik  |  posts
date: July 5, 2006
permalink

Oh my,

Sorry about this bug. We just realized it last week.
I dont know how it slipped through the cracks.

It will be fixed in this weeks build.
To work around....

You can set the environment variable $SPLUNK_DB yourself or change the location yourself in the file - <SPLUNK_HOME>/bin/setSplunkEnv

line 45:
if [ -z "${SPLUNK_DB}" ] ; then
SPLUNK_DB=$SPLUNK_HOME/var/lib/splunk
fi

I must admit that one of our biggest challenges is building/testing/supporting software on so many platforms - we have more platforms/architectures than we have engineers ;-)
We do have automated tests that run on 8 flavors of linux, 4 solaris, 4 mac, 3 freebsd, etc.
The automated tests do run the installer, but at this point some of the configuration settings via the installer are not tested.
I will add this one to the suite.

Again, i'll fix them as fast as we can and will add more of the setup testing to the automated tests.

e.

4
posted by: emma  |  posts
date: July 17, 2006
permalink

This should be fixed in our newest release, 2.0.12.