Hello, I am having trouble with the installation of Splunk Enterprise as a non-root user. I think it may be some kind of problem with Red Hat Enterprise v9 or maybe systemd. Online, even in the documentation and in the community, I was not able to find precise information on how to execute the installation as a non-root user (even for non-Fedora systems). Consulting online resources, I came up with these steps:
sudo su
useradd splunk
mv package.rpm /tmp; cd /tmp
rpm -i package.rpm
ls -l /opt/ | grep splunk # I don't give ownership of /opt/splunk to the user splunk because with the installation it is automatic
su - splunk
cd /opt/splunk/bin
./splunk start --accept-license
PIDS=$(/opt/splunk/bin/splunk status | grep splunkd | awk '{print $5}' | tr -d ').'); ps -p $PIDS -o ruser= # to check if it is executed by splunk
./splunk stop
exit
/opt/splunk/bin/splunk enable boot-start -systemd-managed 1 # the boot-start is run after the splunk start; for some strange reason, if I put the boot-start before the start it doesn't let me use the splunk command
su - splunk
/opt/splunk/bin/splunk start
exit
# for the integrated firewall problem:
sudo su
firewall-cmd --zone=public --add-port=8000/tcp --permanent;
firewall-cmd --zone=public --add-port=8089/tcp --permanent;
firewall-cmd --zone=public --add-port=9997/tcp --permanent;
firewall-cmd --zone=public --add-port=9887/tcp --permanent;
firewall-cmd --reload
They are far from perfect, but for some strange reason these steps make it all work. Unfortunately I am not confident in this solution and I don't want to use it in a production environment. So I am here to ask if any of you know better steps for this installation. If you have some best practices that I am ignoring, I would be glad to hear them. Thanks a lot in advance 🙂

Once you have enabled boot-start, why try to bring Splunk up from /opt/splunk/bin? Just run the command systemctl start Splunkd.service (or whatever name systemd gave while enabling boot-start) and you should be good to go, as you basically confirm that permissions look good to you.
Regarding your question about putting boot-start before splunk start, I haven't seen it work like that. Splunk Enterprise needs to be installed first before you enable boot-start. So doing what your script is currently doing is the right way.
++If it helps, please consider accepting as an answer++
Shiv
###If you found the answer helpful, kindly consider upvoting/accepting it as the answer as it helps other Splunkers find the solutions to similar issues###

Hi
There shouldn't be any issue using a user other than root to run Splunk. A couple of things you must do to get it working:
- after yum/dnf/rpm installation you must check that those files are owned by the correct user (chown -fR splunk:splunk /opt/splunk)
- sudo -u splunk bash
- /opt/splunk/bin/splunk start --accept-license --answer-yes
- give the admin user account name + password when Splunk asks for them (not the OS user!)
- /opt/splunk/bin/splunk stop
- back to root
- then /opt/splunk/bin/splunk enable boot-start -systemd-managed 1 -user splunk
- After that it should start/stop/restart with systemctl restart splunkd etc. (check the correct service name)
- Update/add the needed firewalld ports etc. and SELinux requirements
r. Ismo
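
A read-only check of the end state the steps above aim for, as an added example that is not part of any post in this thread: it confirms the systemd unit declares the service account and that nothing under the install directory has another owner. The account splunk and /opt/splunk come from the thread; the unit path /etc/systemd/system/Splunkd.service and the function names are assumptions.

```shell
#!/bin/sh
# Added example: read-only checks after a non-root Splunk install.

# Print the User= value from a unit file's [Service] section.
# Prints nothing when User= is absent; systemd then runs the service as root.
unit_user() {
    awk -F= '
        /^\[/ { in_service = ($0 == "[Service]") }
        in_service && /^User[ \t]*=/ {
            gsub(/^[ \t]+|[ \t]+$/, "", $2); user = $2
        }
        END { if (user != "") print user }
    ' "$1" 2>/dev/null
}

# Count entries under DIR ($2) that are not owned by USER ($1).
foreign_files() {
    find "$2" ! -user "$1" 2>/dev/null | wc -l | tr -d ' '
}

# Return 0 only if UNIT runs as USER and everything under DIR belongs to USER.
audit() {
    user=$1 dir=$2 unit=$3 rc=0
    [ -d "$dir" ] || { echo "FAIL: $dir does not exist"; return 1; }
    actual=$(unit_user "$unit")
    if [ "$actual" != "$user" ]; then
        echo "FAIL: $unit has User=${actual:-<unset, service runs as root>}"
        rc=1
    fi
    n=$(foreign_files "$user" "$dir")
    if [ "$n" -ne 0 ]; then
        echo "FAIL: $n entries under $dir are not owned by $user"
        rc=1
    fi
    return $rc
}

# Assumed defaults: account and path from the thread, unit path is a guess.
if [ "${1:-}" = "--run" ]; then
    audit splunk /opt/splunk /etc/systemd/system/Splunkd.service && echo OK
    ps -C splunkd -o ruser= | sort -u   # real user(s) of running splunkd
fi
```

Run it as root with `--run` after `enable boot-start`; a root-owned file left under /opt/splunk by an earlier start as root shows up in the ownership count.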
Thanks for those wonderfully simple instructions, they're even better than the product documentation. 🙂
I'm a user of the 'free' version which I've been using for years as an enthusiastic home user. Unfortunately my Splunk VM decided to go AWOL and was totally inaccessible and eventually I had to delete it and start again. Although I've lost my old data the new server was up and running in a very short time. Thanks again for your post.
Regards
Bil