Installation
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

How to set command line parameters that splunkd passes to mongod?

kurdbahr
Path Finder
‎02-17-2015 08:09 AM

How do I configure the command line parameters that splunkd passes to mongod?
Especially I would like to set the --bind_ip parameter so that mongod listens on localhost only.
By default it listens on all available interfaces.

Tags (3)
Reply

southeringtonp
Motivator
‎08-10-2017 09:22 AM

Personally I prefer to outright disable the kvstore, at least until Splunk gets some sort of coherent setup for it. The way the whole thing is implemented still feels a bit like a cheap hack. In server.conf, you can set:

[kvstore]
disabled = true

That said, it appears that mongod is executed explicitly from splunkd, so if you actually need it, then unless there's some kind of undocumented way to configure it, it's going to be difficult to fix directly.

It should be possible to work around with a shell script, but it would fall under the category of extremely unsupported.

If somebody wants to come along and downvote this as a bad idea, feel free, but please also provide a viable solution if you do. I'm sure I'm not the only one who'd like to see a clean fix.

#!/bin/sh
#
# Wrapper script for Splunk internal mongodb (aka kvstore) instance
#
# Disclaimer:  This is an awful hack and EXTREMELY UNSUPPORTED.  Don't come to me or to Splunk if it breaks everything.
#
# To use:
#   cd /opt/splunk/bin
#   mv -v mongod mongod.bin
#   ln -s mongod-wrapper.sh mongod
#
# Splunk will then execute the shell script instead of the default.
# Splunk will also throw InstalledFilesHashChecker warnings in splunkd.log
# This may also prevent Splunk's normal init scripts from shutting mongodb down correctly.
#
ADD_PARAMS="--sslCAFile /opt/splunk/etc/auth/rootCA.pem --bind_ip 127.0.0.1 --sslPEMKeyFile=/opt/splunk/etc/auth/splunk-mongodb.pem --sslMode requireSSL --sslAllowConnectionsWithoutCertificates"
echo $0.bin $1 $2 $3 $4 $5 $6 $7 $8 $9 $ADD_PARAMS > /tmp/mongod.cmdline
exec $0.bin $1 $2 $3 $4 $5 $6 $7 $8 $9 $ADD_PARAMS
Reply

skylasam_splunk
Splunk Employee
Splunk Employee
‎02-17-2015 10:23 AM

You can control this by setting the SPLUNK_BINDIP in splunk-launch.conf.

0 Karma
Reply

kurdbahr
Path Finder
‎02-17-2015 10:44 AM

I would like to change the bind address of the mongod process only, not that of the splunkd process.

Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas     Cisco Live 2026 is almost here, and this ...

What Is the Name of the USB Key Inserted by Bob Smith? (BOTS Hint, Not the Answer)

Hello Splunkers,   So you searched, “what is the name of the usb key inserted by bob smith?”  Not gonna lie… ...

Automating Threat Operations and Threat Hunting with Recorded Future

    Automating Threat Operations and Threat Hunting with Recorded Future June 29, 2026 | Register   Is your ...