How to set command line parameters that splunkd passes to mongod?

Path Finder

How do I configure the command line parameters that splunkd passes to mongod?
Especially I would like to set the --bind_ip parameter so that mongod listens on localhost only.
By default it listens on all available interfaces.

Tags (3)


Personally I prefer to outright disable the kvstore, at least until Splunk gets some sort of coherent setup for it. The way the whole thing is implemented still feels a bit like a cheap hack. In server.conf, you can set:

disabled = true

That said, it appears that mongod is executed explicitly from splunkd, so if you actually need it, then unless there's some kind of undocumented way to configure it, it's going to be difficult to fix directly.

It should be possible to work around with a shell script, but it would fall under the category of extremely unsupported.

If somebody wants to come along and downvote this as a bad idea, feel free, but please also provide a viable solution if you do. I'm sure I'm not the only one who'd like to see a clean fix.

# Wrapper script for Splunk internal mongodb (aka kvstore) instance
# Disclaimer:  This is an awful hack and EXTREMELY UNSUPPORTED.  Don't come to me or to Splunk if it breaks everything.
# To use:
#   cd /opt/splunk/bin
#   mv -v mongod mongod.bin
#   ln -s mongod
# Splunk will then execute the shell script instead of the default.
# Splunk will also throw InstalledFilesHashChecker warnings in splunkd.log
# This may also prevent Splunk's normal init scripts from shutting mongodb down correctly.
ADD_PARAMS="--sslCAFile /opt/splunk/etc/auth/rootCA.pem --bind_ip --sslPEMKeyFile=/opt/splunk/etc/auth/splunk-mongodb.pem --sslMode requireSSL --sslAllowConnectionsWithoutCertificates"
echo $0.bin $1 $2 $3 $4 $5 $6 $7 $8 $9 $ADD_PARAMS > /tmp/mongod.cmdline
exec $0.bin $1 $2 $3 $4 $5 $6 $7 $8 $9 $ADD_PARAMS 

Splunk Employee
Splunk Employee

You can control this by setting the SPLUNK_BINDIP in splunk-launch.conf.

0 Karma

Path Finder

I would like to change the bind address of the mongod process only, not that of the splunkd process.

Get Updates on the Splunk Community!

Streamline Data Ingestion With Deployment Server Essentials

REGISTER NOW!Every day the list of sources Admins are responsible for gets bigger and bigger, often making the ...

Remediate Threats Faster and Simplify Investigations With Splunk Enterprise Security ...

REGISTER NOW!Join us for a Tech Talk around our latest release of Splunk Enterprise Security 7.2! We’ll walk ...

Introduction to Splunk AI

WATCH NOWHow are you using AI in Splunk? Whether you see AI as a threat or opportunity, AI is here to stay. ...