All Apps and Add-ons

Will Splunk Enterprise ever fully support for RHEL 7?

ralphw_SAIC
Path Finder

To be more specific, anyone know when there will be full support for RHEL 7? With services being moved over to systemd, Splunk is still using the deprecated init.d script.

I have moved it over to a systemd service script and running it manually will stop, start, and restart the service but if I update an application and restart it through the browser it just stops the service.

You would think that since almost every linux OS is going to systemd, and has been for years now, that Splunk would update its software to recognize and do both.

Tags (2)
1 Solution

koshyk
Super Champion

The truth is most companies still fear systemd 🙂 and admins are still catching up to the reality in large organisations.
I've used the workaround for quite long now as per https://answers.splunk.com/answers/59662/is-there-a-systemd-unit-file-for-splunk.html

  1. Copy the contents which suite you into your version control
  2. After installation of Splunk, just copy this file as splunkd.service
  3. Then access like sudo systemctl enable splunkd

View solution in original post

0 Karma

bandit
Motivator

Summary of the issue:
Splunk 6.0.0 - Splunk 7.2.1 defaults to using init.d when enabling boot start
Splunk 7.2.2 - Splunk 7.2.9 defaults to using systemd when enabling boot start
Splunk 7.3.0 - Splunk 8.x defaults to using init.d when enabling boot start

systemd defaults to prompting for root credentials upon stop/start/restart of Splunk

Here is a simple fix if you have encountered this issue and prefer to use the traditional init.d scripts vs systemd.

Splunk Enterprise/Heavy Forwarder example (note: replace the splunk user below with the account you run splunk as):

sudo /opt/splunk/bin/splunk disable boot-start
sudo /opt/splunk/bin/splunk enable boot-start -user splunk -systemd-managed 0

Splunk Universal Forwarder example (note: replace the splunk user below with the account you run splunk as):

sudo /opt/splunkforwarder/bin/splunk disable boot-start
sudo /opt/splunkforwarder/bin/splunk enable boot-start -user splunk -systemd-managed 0
0 Karma

triest
Communicator

The init script doesn't bother me that much; the bigger pain is Splunk_TA_nix needing updated; specifically the service list that is practically useless. Red Hat 7 has only been out 3.5 years, you would think they would want to be able to easily list the service on a server considering its importance for security and operations. We do have support and I've opened support cases, I've spoken to people to try and get this on the road map, but they don't seem to really care.

0 Karma

koshyk
Super Champion

The truth is most companies still fear systemd 🙂 and admins are still catching up to the reality in large organisations.
I've used the workaround for quite long now as per https://answers.splunk.com/answers/59662/is-there-a-systemd-unit-file-for-splunk.html

  1. Copy the contents which suite you into your version control
  2. After installation of Splunk, just copy this file as splunkd.service
  3. Then access like sudo systemctl enable splunkd
0 Karma
Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...