To install the splunkforwarder to connect to Splunk Cloud, at boot time, I run splunk set servername -auth admin:
, which fails as follow:
But I get the following error:
2016-08-29 23:21:01,589 P1647 [INFO] + /opt/splunkforwarder/bin/splunk set servername zookeeper1.logs001msi.us-west-1a.i-250d4d60.54-183-105-58.374244366136 -auth '${SPLUNK_USER}:${SPLUNK_PASSWORD}'
2016-08-29 23:21:01,589 P1647 [INFO] Could not look up HOME variable. Auth tokens cannot be cached.
***
2016-08-29 23:21:01,589 P1647 [INFO] Login failed
***
2016-08-29 23:21:01,589 P1647 [INFO] + /opt/splunkforwarder/bin/splunk edit monitor /var/log -auth '${SPLUNK_USER}:${SPLUNK_PASSWORD}'
2016-08-29 23:21:01,589 P1647 [INFO] Could not look up HOME variable. Auth tokens cannot be cached.
2016-08-29 23:21:01,589 P1647 [INFO] Login failed
Is there a way to get around this?
Best,
It turns out that this is a bash human error.
'${SPLUNK_USER}:${SPLUNK_PASSWORD}' doesn't expend in bash.
The expansion only happens if it is double quoted.
It turns out that this is a bash human error.
'${SPLUNK_USER}:${SPLUNK_PASSWORD}' doesn't expend in bash.
The expansion only happens if it is double quoted.
Does the user running splunk on your forwarder have a home directory (/home/accountName) on the filesystem? If you run as the user 'splunk', there should be a directory named /home/splunk
That directory should be owned by splunk as well and it's group needs to be splunk, so the account can write to it.