What does "splunk enable boot-start" actually do?

lsouzek
Explorer

I need to enable Splunk to start on boot on a few Linux (SLES 9/10, Red Hat AS 5) and Unix (HP-UX 11.23/11.31, AIX 5.3) platforms. However, my group does not have root access to these servers so we'll have to ask our system administration group to run the commands for us. I'm guessing that they're not going to trust us to run an unfamiliar command as root. To head off that question, would it be possible to describe all the things that "splunk enable boot-start -user splunk" does behind the scenes? I'm guessing that it copies an init script into the OS-appropriate directory and then creates the symbolic links for it to be started on boot but I'd like to verify that assumption and find out if I'm missing anything.

1 Solution

gkanapathy
Splunk Employee

That's all it does. If they don't want to run it, they can create their own startup script and links for the service I suppose. Or you could run it as root on a different machine (that you do have root access to) and give a copy to your admins.

mattjh88
New Member

You can check what this service is set to do at boot time with

chkconfig --list | grep splunk

This will display a list of the Linux run-levels (in this case specifically Splunk)...

The numbers (0-6, incl.) represent the different modes, and the state (on/off) represents the state.

List of modes...

0 = /etc/rc.d/rc0.d = Halt

1 = /etc/rc.d/rc1.d = Single-user mode

2 = /etc/rc.d/rc2.d = Not used

3 = /etc/rc.d/rc3.d = Full user CLI mode

4 = /etc/rc.d/rc4.d = Not used

5 = /etc/rc.d/rc5.d = Full user GUI mode

6 = /etc/rc.d/rc6.d = Reboot

Maybe useful for admins... ?! as it may allow more control....

0 Karma

sloshburch
Splunk Employee

I have the exact same question specifically for AIX.

I was able to get someone with root access to run the job: splunkforwarder/bin/splunk enable boot-start -user splunkadmin
Where 'splunkadmin' is my dedicated/isolated batch unix account for managing splunk.

Unfortunately, I am unable to find the init script in the same manner as I was able to find it on Linux.
I do see this was added to /etc/inittab: splunk:2:once:/usr/bin/startsrc -g splunk > /dev/console 2>&1

What specific file or OS changes occur when running the enable command AND therefore location of the init scripts on AIX?

0 Karma

mattjh88
New Member

Thanks for adding to this dwaddle, should have added more clarity.

0 Karma

dwaddle
SplunkTrust

Note this is only applicable on Linux. On AIX, for instance "splunk enable boot-start" creates an SRC subsystem object and adds an /etc/inittab line to perform a "startsrc -s splunkd". I imagine the HPUX operations are similarly OS-specific.

bricker
Engager

To add a bit more detail since I had to explain how this works to our Unix admins, here is IBM's link about the System Resource Controller: http://www-01.ibm.com/support/knowledgecenter/ssw_aix_61/com.ibm.aix.cmds5/startsrc.htm

Not sure why Splunk went this way in the first place and forked AIX in this manner.

0 Karma

mattjh88
New Member

Additionally, if "chkconfig" is not installed you can use something like...

sudo apt-get install chkconfig

to install the package, as long as you are connected to the Internet.

0 Karma
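
Added example (not part of any post in this thread and not Splunk's own code): a shell function an admin can run before and after "splunk enable boot-start" to list the boot-time artifacts described above, namely the Linux init script and run-level links and the AIX /etc/inittab entry. The function name, the output format and the init script locations (/etc/init.d, /etc/rc.d/init.d) are assumptions; the service name "splunk" comes from the chkconfig and inittab lines quoted in the thread.

```shell
#!/bin/sh
# Added example, not Splunk's own code. Lists the boot-time artifacts this
# thread attributes to "splunk enable boot-start" under a filesystem root.
# Assumptions: the service is named "splunk" and the init script sits in
# /etc/init.d or /etc/rc.d/init.d; adjust both for your platform.

audit_boot_start() {
    root="${1:-}"            # empty = live system, or a copied/test tree
    name="${2:-splunk}"
    found=1                  # exit status: 0 once any artifact is seen

    # Linux: init script. It runs as root at boot, so flag loose write bits.
    for script in "$root/etc/init.d/$name" "$root/etc/rc.d/init.d/$name"; do
        [ -f "$script" ] || continue
        found=0
        if [ -n "$(find "$script" -prune \( -perm -020 -o -perm -002 \))" ]; then
            echo "init-script $script GROUP-OR-WORLD-WRITABLE"
        else
            echo "init-script $script ok"
        fi
    done

    # Linux: S (start) and K (kill) links in the run-level directories.
    for link in "$root"/etc/rc.d/rc[0-6].d/[SK][0-9][0-9]"$name"; do
        [ -e "$link" ] || [ -h "$link" ] || continue
        found=0
        dir=${link%/*}; rl=${dir##*/rc}; rl=${rl%.d}
        case ${link##*/} in
            S*) echo "rc-link runlevel=$rl action=start $link" ;;
            K*) echo "rc-link runlevel=$rl action=kill $link" ;;
        esac
    done

    # AIX: /etc/inittab entry, format id:runlevels:action:command.
    if [ -f "$root/etc/inittab" ]; then
        awk -F: -v n="$name" '$1 == n {
            cmd = $4; for (i = 5; i <= NF; i++) cmd = cmd ":" $i
            printf "inittab runlevels=%s action=%s command=%s\n", $2, $3, cmd
            hit = 1
        } END { exit (hit ? 0 : 1) }' "$root/etc/inittab" && found=0
    fi
    return "$found"
}
```

Run audit_boot_start with no arguments on the live system, save the output, and diff it against a second run after the command to see exactly what was added.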
