Package Details: splunk 3:

Git Clone URL: (read-only, click to copy)
Package Base: splunk
Description: Statistical analysis and search tool for logs and machine data
Upstream URL:
Licenses: custom
Submitter: lb.laboon
Maintainer: lb.laboon
Last Packager: lb.laboon
Votes: 6
Popularity: 0.43
First Submitted: 2015-12-07 16:56
Last Updated: 2021-06-25 21:36

Latest Comments

1 2 Next › Last »

lb.laboon commented on 2021-06-25 21:39

@maverick1 I just updated and converted the package to use modern sysusers and tmpfiles for user creation. If you wanna give it another shot, it should work for you now.

If you are referring to the Splunk login credentials, you will need to create those yourself:

maverick1 commented on 2021-06-25 12:15

By starting Splunk using systemctl results in "No users exist. Please set up a user.". Nothing has worked yet.

jskier commented on 2021-01-16 19:16

@lb.laboon, thanks, I'll check it out.

lb.laboon commented on 2021-01-16 19:12

I've been hitting that as well, although I thought it might've just been me since nobody said anything :D

I did a little experimenting and I think it might be because PKGBUILDs default to stripping debug symbols from binaries, resulting in the checksums differing. I just pushed a new version which disables that.

jskier commented on 2021-01-15 21:14

Shouldn't newer versions overwrite existing files? I had an issue with a bundled app, splunk_secure_gateway, that had file integrity issues. The files themselves were correct, however the FI DB complained about mismatched hashes. Once I extracted the tgz manual and overwrote all files, it went away.

lb.laboon commented on 2018-09-18 18:22


It sounds like some of the files in your installation may have gotten owned by the root user (or another non-splunk user). Try running chown -R splunk:splunk /opt/splunk and see if that fixes the issue.

PhotonX commented on 2018-09-17 11:04

After the update I could not log in because no users were present, so I started Splunk with

/opt/splunk/bin/splunk start

and set up the admin user.

Now I can only start with this command, trying to start using systemd gives the following errors (output of journalctl):

Seems like a permission problem but I don't really understand what is going wrong here...

lb.laboon commented on 2018-09-09 16:50

Starting with 7.1.3, 32-bit is no longer supported in the main Splunk release. Instead, 32-bit support continues in the 6.3.* series.

If there are any 32-bit users out there, let me know and I will create a separate 32-bit package for Splunk.

lb.laboon commented on 2016-09-30 15:15

Starting with 6.5.0, Splunk now ships with an empty users.ini file (located in /opt/splunk/etc/users). If you are having issues upgrading, try deleting this file first (it is normally empty, so this shouldn't be a problem).

lb.laboon commented on 2016-01-15 23:22

Thanks, didn't know about those. I updated the PKGBUILD.