I set Splunk to start on boot with /op/splunk/bin/splunk enable boot-start and have verified the script
/opt/splunk/bin/splunk status
splunkd is not running.
splunkweb is not running.
ls -al /etc/init.d/ | grep splunk
-rwx------. 1 root root 992 Feb 14 16:24 splunk
chkconfig --list | grep splunk
splunk 0:off 1:off 2:on 3:on 4:on 5:on 6:off
All looks good to me, however Splunk does not start on a restart. Any ideas?
I noticed this same issue on some older Solaris machines. Seems some shell implementations don't have a $USER.
If $USER doesn't exist in the manner you start the splunk instance then the splunkforwarder won't start up.
So I just added the serverName=$HOSTNAME definition to the general stanza in the local/server.conf file.
After checking boot.log I found out that Splunk 4.3 uses $HOSTNAME-$USER as the Splunk hostname. In my case it was having an issue with $USER so I changed it to just $HOSTNAME and it starts fine on boot/restart. Have not researched the issue, but then again I don't really care about appending $USER to the Splunk hostname.
Hi menkurau
cheers