Solved: Re: how to start the splunk service on Redhat

Alan_Bradley · ‎03-19-2010

I installed the Splunk Linux version today (rpm version) but I don't know how to start Splunk service. I tried to input command service Splunk start and /etc/init.d/splunk start but these services did not have Linux. How can I start Splunk service?

matt · ‎03-19-2010

You will want to run the command: $SPLUNK_HOME/bin/splunk start

Reference: http://docs.splunk.com/Documentation/Splunk/5.0/Installation/StartSplunkforthefirsttime

You may also want to check these instructions on how to start SPlunk at boot time: http://docs.splunk.com/Documentation/Splunk/5.0/Admin/ConfigureSplunktostartatboottime

View solution in original post

brent_weaver · ‎11-13-2020

If it is RHEL 7.x + I would recommend using systemd to manage the splunk service:

$SPLUNK_HOME/bin/splunk enable boot-start -systemd-managed 1 -user <username> -group <groupname>

https://docs.splunk.com/Documentation/Splunk/8.1.0/Admin/RunSplunkassystemdservice

This will create a file in /etc/systemd/system/Splunkd.service and I replace the contents of that with:

[Unit]
After=network.target

[Service]
Type=simple
Restart=always
ExecStart= /opt/splunk/bin/splunk _internal_launch_under_systemd
ExecStop = /opt/splunk/bin/splunk stop
ExecReload = /opt/splunk/bin/splunk restart
LimitCORE = 0
LimitFSIZE = infinity
LimitDATA = infinity
LimitNPROC = 20480
LimitNOFILE = 65536
TimeoutSec = 300
SuccessExitStatus=51 52
RestartPreventExitStatus=51
RestartForceExitStatus=52
Delegate=true
MemoryLimit=100G
CPUShares=1024
PermissionsStartOnly=true
ExecStartPost=/bin/bash -c "chown -R splunk:splunk /sys/fs/cgroup/cpu/system.slice/%n"
ExecStartPost=/bin/bash -c "chown -R splunk:splunk /sys/fs/cgroup/memory/system.slice/%n"

[Install]
WantedBy=multi-user.target

This file will handle required ulimit settings and deal with permissions per Splunk's env specs. Also note that I am running Splunk as the linux user splunk which you can change should you want to. If you choose to do this make sure you refresh systemd daemon:

systemctl daemon-reload

I prefer running Splunk using systemd instead of the legacy init.d as there is more functionality and I would assume it is going to be more supported moving forward.

paulmarticsi · ‎09-15-2017

$SPLUNK_HOME/bin/splunk enable boot-start

Installs a service file in /etc/init.d that supports start|stop|restart|status

paulmarticsi · ‎09-15-2017

Better answer:
$SPLUNK_HOME/bin/splunk enable boot-start
This creates an init.d service file.

srisahitya_v · ‎05-10-2015

first go to bin folder in Splunk

bin> ./splunk start

for stop the splunk

bin> ./splunk stop

matt · ‎03-19-2010

You will want to run the command: $SPLUNK_HOME/bin/splunk start

Reference: http://docs.splunk.com/Documentation/Splunk/5.0/Installation/StartSplunkforthefirsttime

You may also want to check these instructions on how to start SPlunk at boot time: http://docs.splunk.com/Documentation/Splunk/5.0/Admin/ConfigureSplunktostartatboottime

How to start the Splunk service on Red Hat Linux?

Linux

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

May 2026 Splunk Expert Sessions: Security & Observability

Network to App: Observability Unlocked [May & June Series]

SPL2 Deep Dives, AppDynamics Integrations, SAML Made Simple and Much More on Splunk ...

Join the Conversation