Solved: How to start the Splunk service on Red Hat Linux?

Alan_Bradley · ‎03-19-2010

I installed the Splunk Linux version today (rpm version) but I don't know how to start Splunk service. I tried to input command service Splunk start and /etc/init.d/splunk start but these services did not have Linux. How can I start Splunk service?

matt · ‎03-19-2010

You will want to run the command: $SPLUNK_HOME/bin/splunk start

Reference: http://docs.splunk.com/Documentation/Splunk/5.0/Installation/StartSplunkforthefirsttime

You may also want to check these instructions on how to start SPlunk at boot time: http://docs.splunk.com/Documentation/Splunk/5.0/Admin/ConfigureSplunktostartatboottime

View solution in original post

brent_weaver · ‎11-13-2020

If it is RHEL 7.x + I would recommend using systemd to manage the splunk service:

$SPLUNK_HOME/bin/splunk enable boot-start -systemd-managed 1 -user <username> -group <groupname>

https://docs.splunk.com/Documentation/Splunk/8.1.0/Admin/RunSplunkassystemdservice

This will create a file in /etc/systemd/system/Splunkd.service and I replace the contents of that with:

[Unit]
After=network.target

[Service]
Type=simple
Restart=always
ExecStart= /opt/splunk/bin/splunk _internal_launch_under_systemd
ExecStop = /opt/splunk/bin/splunk stop
ExecReload = /opt/splunk/bin/splunk restart
LimitCORE = 0
LimitFSIZE = infinity
LimitDATA = infinity
LimitNPROC = 20480
LimitNOFILE = 65536
TimeoutSec = 300
SuccessExitStatus=51 52
RestartPreventExitStatus=51
RestartForceExitStatus=52
Delegate=true
MemoryLimit=100G
CPUShares=1024
PermissionsStartOnly=true
ExecStartPost=/bin/bash -c "chown -R splunk:splunk /sys/fs/cgroup/cpu/system.slice/%n"
ExecStartPost=/bin/bash -c "chown -R splunk:splunk /sys/fs/cgroup/memory/system.slice/%n"

[Install]
WantedBy=multi-user.target

This file will handle required ulimit settings and deal with permissions per Splunk's env specs. Also note that I am running Splunk as the linux user splunk which you can change should you want to. If you choose to do this make sure you refresh systemd daemon:

systemctl daemon-reload

I prefer running Splunk using systemd instead of the legacy init.d as there is more functionality and I would assume it is going to be more supported moving forward.

paulmarticsi · ‎09-15-2017

$SPLUNK_HOME/bin/splunk enable boot-start

Installs a service file in /etc/init.d that supports start|stop|restart|status

paulmarticsi · ‎09-15-2017

Better answer:
$SPLUNK_HOME/bin/splunk enable boot-start
This creates an init.d service file.

srisahitya_v · ‎05-10-2015

first go to bin folder in Splunk

bin> ./splunk start

for stop the splunk

bin> ./splunk stop

matt · ‎03-19-2010

You will want to run the command: $SPLUNK_HOME/bin/splunk start

Reference: http://docs.splunk.com/Documentation/Splunk/5.0/Installation/StartSplunkforthefirsttime

You may also want to check these instructions on how to start SPlunk at boot time: http://docs.splunk.com/Documentation/Splunk/5.0/Admin/ConfigureSplunktostartatboottime

How to start the Splunk service on Red Hat Linux?

Linux

Detecting Brute Force Account Takeover Fraud with Splunk

Buttercup Games: Further Dashboarding Techniques (Part 9)

Buttercup Games: Further Dashboarding Techniques (Part 8)

Are you a member of the Splunk Community?

How to start the Splunk service on Red Hat Linux?

Linux

Detecting Brute Force Account Takeover Fraud with Splunk

Buttercup Games: Further Dashboarding Techniques (Part 9)

Buttercup Games: Further Dashboarding Techniques (Part 8)