Re: CentOS Splunk Not Starting On Boot

menkurau · ‎02-14-2012

I set Splunk to start on boot with /op/splunk/bin/splunk enable boot-start and have verified the script
/opt/splunk/bin/splunk status
splunkd is not running.
splunkweb is not running.
ls -al /etc/init.d/ | grep splunk
-rwx------. 1 root root 992 Feb 14 16:24 splunk
chkconfig --list | grep splunk
splunk 0:off 1:off 2:on 3:on 4:on 5:on 6:off

All looks good to me, however Splunk does not start on a restart. Any ideas?

agrant · ‎05-04-2012

I noticed this same issue on some older Solaris machines. Seems some shell implementations don't have a $USER.
If $USER doesn't exist in the manner you start the splunk instance then the splunkforwarder won't start up.

So I just added the serverName=$HOSTNAME definition to the general stanza in the local/server.conf file.

menkurau · ‎02-28-2012

After checking boot.log I found out that Splunk 4.3 uses $HOSTNAME-$USER as the Splunk hostname. In my case it was having an issue with $USER so I changed it to just $HOSTNAME and it starts fine on boot/restart. Have not researched the issue, but then again I don't really care about appending $USER to the Splunk hostname.

MuS · ‎02-14-2012

Hi menkurau

what are the logs reporting, system logs as well if existing $SPLUNK_HOME/var/log/splunk/splunkd.log?
what happens if you fire up the start script by hand?
does the user running splunk have the necessary permissions?

cheers

CentOS Splunk Not Starting On Boot

Get Your Exclusive Splunk Certified Cybersecurity Defense Engineer at Splunk .conf24 ...

Share Your Ideas & Meet the Lantern team at .Conf! Plus All of This Month’s New ...

Combine Multiline Logs into a Single Event with SOCK: a Step-by-Step Guide for ...