Installation

How to start the Splunk service on Red Hat Linux?

Alan_Bradley
Path Finder

I installed the Splunk Linux version today (rpm version), but I don't know how to start the Splunk service. I tried the commands service Splunk start and /etc/init.d/splunk start, but Linux did not have these services. How can I start the Splunk service?

1 Solution

matt
Splunk Employee

You will want to run the command: $SPLUNK_HOME/bin/splunk start

Reference: http://docs.splunk.com/Documentation/Splunk/5.0/Installation/StartSplunkforthefirsttime

You may also want to check these instructions on how to start Splunk at boot time: http://docs.splunk.com/Documentation/Splunk/5.0/Admin/ConfigureSplunktostartatboottime


brent_weaver
Builder

If it is RHEL 7.x+, I would recommend using systemd to manage the Splunk service:

$SPLUNK_HOME/bin/splunk enable boot-start -systemd-managed 1 -user <username> -group <groupname>

https://docs.splunk.com/Documentation/Splunk/8.1.0/Admin/RunSplunkassystemdservice

This will create a file in /etc/systemd/system/Splunkd.service and I replace the contents of that with:

[Unit]
After=network.target

[Service]
Type=simple
Restart=always
ExecStart=/opt/splunk/bin/splunk _internal_launch_under_systemd
ExecStop=/opt/splunk/bin/splunk stop
ExecReload=/opt/splunk/bin/splunk restart
LimitCORE=0
LimitFSIZE=infinity
LimitDATA=infinity
LimitNPROC=20480
LimitNOFILE=65536
TimeoutSec=300
SuccessExitStatus=51 52
RestartPreventExitStatus=51
RestartForceExitStatus=52
Delegate=true
MemoryLimit=100G
CPUShares=1024
PermissionsStartOnly=true
ExecStartPost=/bin/bash -c "chown -R splunk:splunk /sys/fs/cgroup/cpu/system.slice/%n"
ExecStartPost=/bin/bash -c "chown -R splunk:splunk /sys/fs/cgroup/memory/system.slice/%n"

[Install]
WantedBy=multi-user.target

This file will handle the required ulimit settings and deal with permissions per Splunk's env specs. Also note that I am running Splunk as the Linux user splunk, which you can change should you want to. If you choose to do this, make sure you refresh the systemd daemon:

systemctl daemon-reload

I prefer running Splunk using systemd instead of the legacy init.d, as there is more functionality and I would assume it is going to be more supported moving forward.
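
A pre-flight check for a hand-edited unit file like the one above, added here as an example (it is not from the original post or from Splunk): it reads the [Service] section, reports the declared User=, and compares LimitNOFILE and LimitNPROC against floors. The function names are hypothetical, and the default floors are simply the values from the posted unit, which is an assumption of this example.

```shell
#!/usr/bin/env bash
# Added example: audit a Splunk systemd unit file before `systemctl daemon-reload`.

# unit_get FILE SECTION KEY: print the last value assigned to KEY in [SECTION].
# Tolerates whitespace around "=" (as systemd does) and skips comment lines.
unit_get() {
    awk -v want="[$2]" -v key="$3" '
        /^[ \t]*[#;]/ { next }
        /^[ \t]*\[/   { gsub(/[ \t\r]/, ""); section = $0; next }
        section == want {
            eq = index($0, "=")
            if (eq == 0) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t\r]+$/, "", k)
            gsub(/^[ \t]+|[ \t\r]+$/, "", v)
            if (k == key) { val = v; found = 1 }
        }
        END { if (!found) exit 1; print val }
    ' "$1"
}

# check_floor FILE KEY MIN: KEY in [Service] must be "infinity" or >= MIN.
check_floor() {
    local v
    if ! v=$(unit_get "$1" Service "$2"); then
        echo "WARN $2 not set"; return 1
    fi
    if [ "$v" = infinity ] || [ "$v" -ge "$3" ] 2>/dev/null; then
        echo "OK   $2=$v"
    else
        echo "WARN $2=$v is below $3"; return 1
    fi
}

# audit_unit FILE [MIN_NOFILE] [MIN_NPROC]: returns 1 if any check warns.
# Default floors (assumption): the values used in the unit file posted above.
audit_unit() {
    local file="$1" user rc=0
    if user=$(unit_get "$file" Service User) && [ -n "$user" ] \
            && [ "$user" != root ] && [ "$user" != 0 ]; then
        echo "OK   User=$user"
    else
        echo "WARN User=${user:-<not set>}: systemd launches ExecStart as root"; rc=1
    fi
    check_floor "$file" LimitNOFILE "${2:-65536}" || rc=1
    check_floor "$file" LimitNPROC "${3:-20480}" || rc=1
    return "$rc"
}

if [ $# -gt 0 ]; then audit_unit "$@"; fi
```

Run it with the unit file path as the first argument. After systemctl daemon-reload, systemctl show Splunkd -p User -p LimitNOFILE -p LimitNPROC reports the values systemd actually applied.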

paulmarticsi
Explorer
$SPLUNK_HOME/bin/splunk enable boot-start

Installs a service file in /etc/init.d that supports start|stop|restart|status


paulmarticsi
Explorer

Better answer:
$SPLUNK_HOME/bin/splunk enable boot-start
This creates an init.d service file.

srisahitya_v
Communicator

First, go to the bin folder in Splunk:

bin> ./splunk start

To stop Splunk:

bin> ./splunk stop

