Installation

How to start the Splunk service on Red Hat Linux?

Alan_Bradley
Path Finder

I installed the Splunk Linux version (rpm) today, but I don't know how to start the Splunk service. I tried the commands service Splunk start and /etc/init.d/splunk start, but Linux did not have these services. How can I start the Splunk service?


matt
Splunk Employee

You will want to run the command: $SPLUNK_HOME/bin/splunk start

Reference: http://docs.splunk.com/Documentation/Splunk/5.0/Installation/StartSplunkforthefirsttime

You may also want to check these instructions on how to start Splunk at boot time: http://docs.splunk.com/Documentation/Splunk/5.0/Admin/ConfigureSplunktostartatboottime


brent_weaver
Builder

If it is RHEL 7.x+, I would recommend using systemd to manage the Splunk service:

$SPLUNK_HOME/bin/splunk enable boot-start -systemd-managed 1 -user <username> -group <groupname>

https://docs.splunk.com/Documentation/Splunk/8.1.0/Admin/RunSplunkassystemdservice

This will create a file in /etc/systemd/system/Splunkd.service and I replace the contents of that with:

[Unit]
After=network.target

[Service]
Type=simple
Restart=always
ExecStart= /opt/splunk/bin/splunk _internal_launch_under_systemd
ExecStop = /opt/splunk/bin/splunk stop
ExecReload = /opt/splunk/bin/splunk restart
LimitCORE = 0
LimitFSIZE = infinity
LimitDATA = infinity
LimitNPROC = 20480
LimitNOFILE = 65536
TimeoutSec = 300
SuccessExitStatus=51 52
RestartPreventExitStatus=51
RestartForceExitStatus=52
Delegate=true
MemoryLimit=100G
CPUShares=1024
PermissionsStartOnly=true
ExecStartPost=/bin/bash -c "chown -R splunk:splunk /sys/fs/cgroup/cpu/system.slice/%n"
ExecStartPost=/bin/bash -c "chown -R splunk:splunk /sys/fs/cgroup/memory/system.slice/%n"

[Install]
WantedBy=multi-user.target

This file will handle required ulimit settings and deal with permissions per Splunk's env specs. Also note that I am running Splunk as the Linux user splunk, which you can change should you want to. If you choose to do this, make sure you refresh the systemd daemon:

systemctl daemon-reload

I prefer running Splunk using systemd instead of the legacy init.d, as there is more functionality and I would assume it is going to be more supported moving forward.
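
An added check, not part of brent_weaver's post or of Splunk's own tooling: the unit file above has no User= line in [Service], and systemd starts a system service as root when none is set, so this POSIX shell script reads a unit file and flags a missing non-root User= and any limit that differs from the values in the post. The function names unit_get and audit_unit are made up for this example.

```shell
#!/bin/sh
# Added example (not from the post). Expected limits are the ones in the unit above.

# unit_get FILE KEY: print the last value assigned to KEY in [Service].
# systemd allows spaces around "=", as in "LimitNOFILE = 65536".
unit_get() {
    awk -v key="$2" '
        /^[ \t]*\[/ { in_service = ($0 ~ /^[ \t]*\[Service\][ \t]*$/); next }
        !in_service || /^[ \t]*[#;]/ { next }
        {
            pos = index($0, "=")
            if (pos == 0) next
            k = substr($0, 1, pos - 1); v = substr($0, pos + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { if (val != "") print val }
    ' "$1"
}

# audit_unit FILE: print one WARN line per finding; return 1 if any, else 0.
audit_unit() {
    file=$1
    findings=0
    user=$(unit_get "$file" User)
    if [ -z "$user" ] || [ "$user" = root ]; then
        echo "WARN: no non-root User= in [Service]; systemd starts ExecStart as root"
        findings=$((findings + 1))
    fi
    for want in LimitNOFILE=65536 LimitNPROC=20480 LimitCORE=0; do
        key=${want%%=*}
        exp=${want#*=}
        got=$(unit_get "$file" "$key")
        if [ "$got" != "$exp" ]; then
            echo "WARN: $key is '${got:-unset}', expected $exp"
            findings=$((findings + 1))
        fi
    done
    [ "$findings" -eq 0 ]
}

# Path taken from the post; audit it only if it exists on this host.
unit=/etc/systemd/system/Splunkd.service
if [ -f "$unit" ]; then audit_unit "$unit" || true; fi
```

On a running host, ps -o user= -C splunkd shows which account the daemon actually ended up under.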

paulmarticsi
Explorer
$SPLUNK_HOME/bin/splunk enable boot-start

Installs a service file in /etc/init.d that supports start|stop|restart|status


paulmarticsi
Explorer

Better answer:
$SPLUNK_HOME/bin/splunk enable boot-start
This creates an init.d service file.

srisahitya_v
Communicator

First, go to the bin folder in Splunk:

bin> ./splunk start

To stop Splunk:

bin> ./splunk stop
