Getting Data In

Enable boot start of Splunk forwarder on oracle Linux 6.x

shabana_banu
New Member

Hi Team,

Please help me whit the steps to enable boot start of Splunk forwarder on oracle Linux 6.x.

Splunk forwarder version- 9.0.8

Splunk version - 9.0.5

 

Regards,

Shabana

Labels (1)
0 Karma

gcusello
SplunkTrust
SplunkTrust

Hi @shabana_banu ,

did you followed the instructions at https://docs.splunk.com/Documentation/Splunk/9.2.1/Installation/InstallonLinux ?

anyway the command (running Splunk as root) is 

./splunk enable boot-start 

to run Splunk as non root user see at

https://docs.splunk.com/Documentation/Splunk/9.2.1/Installation/RunSplunkasadifferentornon-rootuser

Ciao.

Giuseppe

0 Karma

shabana_banu
New Member

Ciao Gcusello , 

Yes, I reviewed these links however these steps did not work on Oracle linux 6.x.

On google I found below steps which I followed & worked on Oracle 6.x.

Let me know in case anything I am missing here however this worked for my system.

 

----steps-----

1. Create a symbolic link to init.d: Link the Splunk init script to the /etc/init.d/ directory.

sudo ln -s /opt/splunkforwarder/bin/splunk /etc/init.d/splunk

2.Configure Splunk to start at boot using chkconfig: Enable the Splunk service to start on boot.

sudo chkconfig splunk on

3.Verify the setting.

sudo chkconfig --list splunk

You should see an output similar to:

splunk 0:off 1:off 2:on 3:on 4:on 5:on 6:off

4. Manually restart the Splunk service

0 Karma
Get Updates on the Splunk Community!

Digital Resilience Assessment Launch | How prepared are you for disruption?

Disruption is inevitable. The question is – how prepared are you to handle it? In today’s fast-moving digital ...

Buttercup Games: Further Dashboarding Techniques (Part 2)

This series of blogs assumes you have already completed the Splunk Enterprise Search Tutorial as it uses the ...

Index This | What is the next number in the series? 7,645 5,764 4,576…

February 2025 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with this ...