Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Getting Data In
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Community
- :
- Splunk Answers
- :
- Splunk Administration
- :
- Getting Data In
- :
- Why is Splunkd not starting after a reboot, wih Sy...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
yannK
Splunk Employee
04-13-2022
02:30 PM
We setup splunkd to autostart using systemd.
-> https://docs.splunk.com/Documentation/Splunk/latest/Admin/RunSplunkassystemdservice
but when the linux server reboot, we did no see Splunkd starting, we had to manually start it.
1 Solution
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
yannK
Splunk Employee
04-13-2022
02:32 PM
TL;DR : you need systemd setup AND splunkd service enabled for it to kick in.
____
1) Check if you have the systemd script setup :
/etc/systemd/system/Splunkd.service
2) check if the Splunkd service is enabled
systemctl status Splunkd
when it's enabled and started, you will see
● Splunkd.service - Systemd service file for Splunk, generated by 'splunk enable boot-start'
Loaded: loaded (/etc/systemd/system/Splunkd.service; enabled; vendor preset: disabled)
Active: active (running) since Wed 2022-04-13 14:46:44 UTC; 4h 46min ago
Main PID: 982 (splunkd)
Memory: 1.0G (limit: 1.7G)
CGroup: /system.slice/Splunkd.service
├─ 982 splunkd --under-systemd --systemd-delegate=yes -p 8089 _internal_launch_under_systemd
├─1756 [splunkd pid=982] splunkd --under-systemd --systemd-delegate=yes -p 8089 _internal_launch_under_systemd [process-runner]
├─2279 mongod --dbpath=/opt/splunk/var/lib/splunk/kvstore/mongo --storageEngine=mmapv1 --port=8191 --timeStampFormat=iso8601-utc --smallfiles --oplogSize...
├─2408 /opt/splunk/bin/python3.7 -O /opt/splunk/lib/python3.7/site-packages/splunk/appserver/mrsparkle/root.py --proxied=127.0.0.1,8065,8000
└─2411 /opt/splunk/bin/splunkd instrument-resource-usage -p 8089 --with-kvstore
If it's disabled and not started you will see
Splunkd.service - Systemd service file for Splunk, generated by 'splunk enable boot-start' Loaded: loaded (/etc/systemd/system/Splunkd.service; disabled; vendor preset: disabled)
if it's disabled but was manually started you will see
Splunkd.service - Systemd service file for Splunk, generated by 'splunk enable boot-start'
Loaded: loaded (/etc/systemd/system/Splunkd.service; disabled; vendor preset: disabled)
Active: active (running) since Wed 2022-04-13 14:46:44 UTC; 4h 51min ago
Main PID: 982 (splunkd)
CGroup: /system.slice/Splunkd.service
├─ 982 splunkd --under-systemd --systemd-delegate=yes -p 8089 _internal_launch_under_systemd
├─1756 [splunkd pid=982] splunkd --under-systemd --systemd-delegate=yes -p 8089 _internal_launch_under_systemd [process-runner]
├─2279 mongod --dbpath=/opt/splunk/var/lib/splunk/kvstore/mongo --storageEngine=mmapv1 --port=8191 --timeStampFormat=iso8601-utc --smallfiles --oplogSize...
├─2408 /opt/splunk/bin/python3.7 -O /opt/splunk/lib/python3.7/site-packages/splunk/appserver/mrsparkle/root.py --proxied=127.0.0.1,8065,8000
└─2411 /opt/splunk/bin/splunkd instrument-resource-usage -p 8089 --with-kvstore
if you do not see it enabled, enable it
systemctl enable Splunkd
Then it should autostart when you reboot your server.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
yannK
Splunk Employee
04-13-2022
02:32 PM
TL;DR : you need systemd setup AND splunkd service enabled for it to kick in.
____
1) Check if you have the systemd script setup :
/etc/systemd/system/Splunkd.service
2) check if the Splunkd service is enabled
systemctl status Splunkd
when it's enabled and started, you will see
● Splunkd.service - Systemd service file for Splunk, generated by 'splunk enable boot-start'
Loaded: loaded (/etc/systemd/system/Splunkd.service; enabled; vendor preset: disabled)
Active: active (running) since Wed 2022-04-13 14:46:44 UTC; 4h 46min ago
Main PID: 982 (splunkd)
Memory: 1.0G (limit: 1.7G)
CGroup: /system.slice/Splunkd.service
├─ 982 splunkd --under-systemd --systemd-delegate=yes -p 8089 _internal_launch_under_systemd
├─1756 [splunkd pid=982] splunkd --under-systemd --systemd-delegate=yes -p 8089 _internal_launch_under_systemd [process-runner]
├─2279 mongod --dbpath=/opt/splunk/var/lib/splunk/kvstore/mongo --storageEngine=mmapv1 --port=8191 --timeStampFormat=iso8601-utc --smallfiles --oplogSize...
├─2408 /opt/splunk/bin/python3.7 -O /opt/splunk/lib/python3.7/site-packages/splunk/appserver/mrsparkle/root.py --proxied=127.0.0.1,8065,8000
└─2411 /opt/splunk/bin/splunkd instrument-resource-usage -p 8089 --with-kvstore
If it's disabled and not started you will see
Splunkd.service - Systemd service file for Splunk, generated by 'splunk enable boot-start' Loaded: loaded (/etc/systemd/system/Splunkd.service; disabled; vendor preset: disabled)
if it's disabled but was manually started you will see
Splunkd.service - Systemd service file for Splunk, generated by 'splunk enable boot-start'
Loaded: loaded (/etc/systemd/system/Splunkd.service; disabled; vendor preset: disabled)
Active: active (running) since Wed 2022-04-13 14:46:44 UTC; 4h 51min ago
Main PID: 982 (splunkd)
CGroup: /system.slice/Splunkd.service
├─ 982 splunkd --under-systemd --systemd-delegate=yes -p 8089 _internal_launch_under_systemd
├─1756 [splunkd pid=982] splunkd --under-systemd --systemd-delegate=yes -p 8089 _internal_launch_under_systemd [process-runner]
├─2279 mongod --dbpath=/opt/splunk/var/lib/splunk/kvstore/mongo --storageEngine=mmapv1 --port=8191 --timeStampFormat=iso8601-utc --smallfiles --oplogSize...
├─2408 /opt/splunk/bin/python3.7 -O /opt/splunk/lib/python3.7/site-packages/splunk/appserver/mrsparkle/root.py --proxied=127.0.0.1,8065,8000
└─2411 /opt/splunk/bin/splunkd instrument-resource-usage -p 8089 --with-kvstore
if you do not see it enabled, enable it
systemctl enable Splunkd
Then it should autostart when you reboot your server.
Get Updates on the Splunk Community!
Splunk Forwarders and Forced Time Based Load Balancing
Splunk customers use universal forwarders to collect and send data to Splunk. A universal forwarder can send ...
NEW! Log Views in Splunk Observability Dashboards Gives Context From a Single Page
Today, Splunk Observability releases log views, a new feature for users to add their logs data from Splunk Log ...
Last Chance to Submit Your Paper For BSides Splunk - Deadline is August 12th!
Hello everyone! Don't wait to submit - The deadline is August 12th!
We have truly missed the community so ...
