
How to start the Splunk service on Red Hat Linux?

Alan_Bradley
Path Finder

I installed the Splunk Linux version today (rpm version), but I don't know how to start the Splunk service. I tried to input the commands service Splunk start and /etc/init.d/splunk start, but these services did not have Linux. How can I start the Splunk service?

1 Solution

matt
Splunk Employee

You will want to run the command: $SPLUNK_HOME/bin/splunk start

Reference: http://docs.splunk.com/Documentation/Splunk/5.0/Installation/StartSplunkforthefirsttime

You may also want to check these instructions on how to start Splunk at boot time: http://docs.splunk.com/Documentation/Splunk/5.0/Admin/ConfigureSplunktostartatboottime

brent_weaver
Builder

If it is RHEL 7.x+, I would recommend using systemd to manage the splunk service:

$SPLUNK_HOME/bin/splunk enable boot-start -systemd-managed 1 -user <username> -group <groupname>

https://docs.splunk.com/Documentation/Splunk/8.1.0/Admin/RunSplunkassystemdservice

This will create a file in /etc/systemd/system/Splunkd.service and I replace the contents of that with:

[Unit]
After=network.target

[Service]
Type=simple
Restart=always
ExecStart= /opt/splunk/bin/splunk _internal_launch_under_systemd
ExecStop = /opt/splunk/bin/splunk stop
ExecReload = /opt/splunk/bin/splunk restart
LimitCORE = 0
LimitFSIZE = infinity
LimitDATA = infinity
LimitNPROC = 20480
LimitNOFILE = 65536
TimeoutSec = 300
SuccessExitStatus=51 52
RestartPreventExitStatus=51
RestartForceExitStatus=52
Delegate=true
MemoryLimit=100G
CPUShares=1024
PermissionsStartOnly=true
ExecStartPost=/bin/bash -c "chown -R splunk:splunk /sys/fs/cgroup/cpu/system.slice/%n"
ExecStartPost=/bin/bash -c "chown -R splunk:splunk /sys/fs/cgroup/memory/system.slice/%n"

[Install]
WantedBy=multi-user.target

This file will handle required ulimit settings and deal with permissions per Splunk's env specs. Also note that I am running Splunk as the Linux user splunk, which you can change should you want to. If you choose to do this, make sure you refresh the systemd daemon:

systemctl daemon-reload

I prefer running Splunk using systemd instead of the legacy init.d as there is more functionality and I would assume it is going to be more supported moving forward.
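
An added example, not part of the post above: a shell check for two things that can go wrong when a unit like this one is hand-edited, namely a [Service] section with no non-root User= and ExecStartPost chown owners that no longer match User=/Group=. The function names and the svc_splunk account are made up for the example, and only the one file is read (drop-ins are not merged).

```shell
#!/bin/sh
# Added example (not from the thread). Reads one unit file; drop-ins are ignored.

# service_values FILE KEY: print every value assigned to KEY inside [Service].
service_values() {
    awk -v key="$2" '
        /^[ \t]*\[/ { in_service = ($0 ~ /^[ \t]*\[Service\]/); next }
        !in_service || /^[ \t]*[#;]/ { next }
        {
            eq = index($0, "=")
            if (eq == 0) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) print v
        }' "$1"
}

# audit_splunk_unit FILE: print findings; exit status 0 only when there are none.
audit_splunk_unit() {
    unit=$1 findings=0
    # For a single-valued key such as User=, systemd uses the last assignment.
    user=$(service_values "$unit" User | tail -n 1)
    group=$(service_values "$unit" Group | tail -n 1)
    if [ -z "$user" ] || [ "$user" = root ] || [ "$user" = 0 ]; then
        echo "FINDING: no non-root User= in [Service]; systemd launches the service as root"
        findings=$((findings + 1))
    fi
    # The ExecStartPost chown lines name a fixed owner for the cgroup
    # directories; it should be the account set in User=/Group=.
    for owner in $(service_values "$unit" ExecStartPost |
                   sed -n 's/.*chown -R \([^ ]*\) .*/\1/p' | sort -u); do
        if [ -n "$user" ] && [ "$owner" != "$user:$group" ]; then
            echo "FINDING: ExecStartPost chowns to $owner, unit runs as $user:$group"
            findings=$((findings + 1))
        fi
    done
    [ "$findings" -eq 0 ]
}

# Constructed sample: a cut-down unit with the account changed but not the chown.
sample=$(mktemp)
printf '%s\n' '[Service]' 'User = svc_splunk' 'Group=svc_splunk' \
    'PermissionsStartOnly=true' \
    'ExecStartPost=/bin/bash -c "chown -R splunk:splunk /sys/fs/cgroup/cpu/system.slice/%n"' \
    > "$sample"
audit_splunk_unit "$sample" || echo "findings reported for $sample"
rm -f "$sample"
```

To check a live host, call audit_splunk_unit with the unit path from the post, /etc/systemd/system/Splunkd.service.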

paulmarticsi
Explorer
$SPLUNK_HOME/bin/splunk enable boot-start

Installs a service file in /etc/init.d that supports start|stop|restart|status


paulmarticsi
Explorer

Better answer:
$SPLUNK_HOME/bin/splunk enable boot-start
This creates an init.d service file.

srisahitya_v
Communicator

First, go to the bin folder in Splunk:

bin> ./splunk start

To stop Splunk:

bin> ./splunk stop
