Installation
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to set command line parameters that splunkd passes to mongod?

kurdbahr
Path Finder
‎02-17-2015 08:09 AM

How do I configure the command line parameters that splunkd passes to mongod?
Especially I would like to set the --bind_ip parameter so that mongod listens on localhost only.
By default it listens on all available interfaces.

Tags (3)
Reply

southeringtonp
Motivator
‎08-10-2017 09:22 AM

Personally I prefer to outright disable the kvstore, at least until Splunk gets some sort of coherent setup for it. The way the whole thing is implemented still feels a bit like a cheap hack. In server.conf, you can set:

[kvstore]
disabled = true

That said, it appears that mongod is executed explicitly from splunkd, so if you actually need it, then unless there's some kind of undocumented way to configure it, it's going to be difficult to fix directly.

It should be possible to work around with a shell script, but it would fall under the category of extremely unsupported.

If somebody wants to come along and downvote this as a bad idea, feel free, but please also provide a viable solution if you do. I'm sure I'm not the only one who'd like to see a clean fix.

#!/bin/sh
#
# Wrapper script for Splunk internal mongodb (aka kvstore) instance
#
# Disclaimer:  This is an awful hack and EXTREMELY UNSUPPORTED.  Don't come to me or to Splunk if it breaks everything.
#
# To use:
#   cd /opt/splunk/bin
#   mv -v mongod mongod.bin
#   ln -s mongod-wrapper.sh mongod
#
# Splunk will then execute the shell script instead of the default.
# Splunk will also throw InstalledFilesHashChecker warnings in splunkd.log
# This may also prevent Splunk's normal init scripts from shutting mongodb down correctly.
#
ADD_PARAMS="--sslCAFile /opt/splunk/etc/auth/rootCA.pem --bind_ip 127.0.0.1 --sslPEMKeyFile=/opt/splunk/etc/auth/splunk-mongodb.pem --sslMode requireSSL --sslAllowConnectionsWithoutCertificates"
echo $0.bin $1 $2 $3 $4 $5 $6 $7 $8 $9 $ADD_PARAMS > /tmp/mongod.cmdline
exec $0.bin $1 $2 $3 $4 $5 $6 $7 $8 $9 $ADD_PARAMS
Reply

skylasam_splunk
Splunk Employee
Splunk Employee
‎02-17-2015 10:23 AM

You can control this by setting the SPLUNK_BINDIP in splunk-launch.conf.

0 Karma
Reply

kurdbahr
Path Finder
‎02-17-2015 10:44 AM

I would like to change the bind address of the mongod process only, not that of the splunkd process.

Reply
Get Updates on the Splunk Community!

Built-in Service Level Objectives Management to Bridge the Gap Between Service & ...

Wednesday, May 29, 2024  |  11AM PST / 2PM ESTRegister now and join us to learn more about how you can ...

Get Your Exclusive Splunk Certified Cybersecurity Defense Engineer at Splunk .conf24 ...

We’re excited to announce a new Splunk certification exam being released at .conf24! If you’re headed to Vegas ...

Share Your Ideas & Meet the Lantern team at .Conf! Plus All of This Month’s New ...

Splunk Lantern is Splunk’s customer success center that provides advice from Splunk experts on valuable data ...