Deployment Architecture

Separating a scripted BASH input from the parent (Splunk) process in order to perform restart on Linux (Ubuntu)

bkcarter
Path Finder

I am attempting to run a scheduled BASH scripted input on UF 7.2.x on Ubuntu 16 or later.

The script does some preparatory work and then STOPS the UF.
It then needs to change some things in the UF environment, and then restart the UF.

Testing it from the CLI shows that the script works according to plan, HOWEVER,
when running it as a scripted input, the last line that gets executed is the SPLUNK STOP command.

I know the reason is that when the UF stops, it destroys the process tree that is running the script.
From reading older threads on similar issues, I find that this behavior used to not be the default. People were complaining that things were continuing to run, and chewing up resources even though the UF had been stopped. I understand that concern; however, in this case, I really need it to keep running, even though that no longer appears to be the default behavior.

I have attempted using a wrapper script using the bash and & parameters, as well as NOHUP and SCREEN. All to no avail. They all get killed when the UF stops. I have attempted using a .path file to call the script. Same result.

How can I fork something that is no longer dependent on the UF process for this one script?

Any help is greatly appreciated!

0 Karma

MuS
Legend

Hi bkcarter,

Not really a Splunk issue as you probably know 😉 But here to help anyway 🙂

Since you tried NOHUP and screen already without success, have you considered using setsid?
You can find a good example here https://superuser.com/a/172476

Hope that helps ...

cheers, MuS

0 Karma

bkcarter
Path Finder

Thanks for the quick response. Unfortunately setsid didn't work either.

They all seem to be doing the right thing IF I am trying to detach from the TTY session that I am using. However, I want to detach the bash script from the splunkd process, and I can't seem to figure out how to do that.

I know this is not directly related to Splunk, but I have searched the Linux forums as well, and cannot find specifics on how to do it. I may just not know how to ask the question properly there. I had hoped that since I was trying to do it under Splunk scripted inputs, someone here may have run into it before.

0 Karma
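
For anyone debugging the same symptom, an added example (not from any poster in this thread and not Splunk code): it starts a stand-in command under `setsid` and reports which links to the launching process changed. The function names and the `sleep` stand-in are assumptions; on Linux the child gets a new session and process group, but it keeps the launcher as its parent and stays in the same cgroup.

```shell
#!/bin/sh
# Added example (constructed, Linux only): which links to the launching process
# does setsid cut, and which does it leave in place?

proc_ids() {      # proc_ids PID -> "ppid pgid sid" parsed from /proc/PID/stat
    stat=$(cat "/proc/$1/stat") || return 1
    rest=${stat##*) }     # drop "pid (comm) "; comm may itself contain spaces
    set -- $rest          # $1=state $2=ppid $3=pgrp $4=session
    echo "$2 $3 $4"
}

proc_cgroup() {   # proc_cgroup PID -> cgroup membership on one line, or "n/a"
    if [ -r "/proc/$1/cgroup" ]; then tr '\n' ' ' < "/proc/$1/cgroup"
    else echo "n/a"; fi
}

start_detached() {   # start_detached CMD... -> sets DETACHED_PID
    setsid "$@" </dev/null >/dev/null 2>&1 &
    DETACHED_PID=$!
    # Assumes a non-interactive shell (no job control), where setsid does not
    # fork and $! is the final PID. Poll until setsid(2) has taken effect.
    for _try in 1 2 3 4 5 6 7 8 9 10; do
        set -- $(proc_ids "$DETACHED_PID")
        [ "$3" = "$DETACHED_PID" ] && return 0
        sleep 0.1
    done
    return 1
}

link_report() {   # link_report PARENT_PID CHILD_PID
    set -- "$1" "$2" $(proc_ids "$1") $(proc_ids "$2")
    # $3..$5 = parent's ppid/pgid/sid, $6..$8 = child's ppid/pgid/sid
    [ "$4" = "$7" ] && pg=shared || pg=new
    [ "$5" = "$8" ] && se=shared || se=new
    [ "$(proc_cgroup "$1")" = "$(proc_cgroup "$2")" ] && cg=shared || cg=new
    echo "ppid=$6 pgid=$pg sid=$se cgroup=$cg"
}

# Demo: the stand-in for the restart script is a plain sleep.
if start_detached sleep 5; then
    link_report "$$" "$DETACHED_PID"
    kill "$DETACHED_PID"
fi
```

Calling `link_report` from inside the scripted input, with the script's own parent PID as the first argument, shows which of these attributes the detached process still shares with the process that launched it.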