Installation

Scripted install - changing management port from command line.

hajducko
Explorer

I am in the process of creating some install scripts to install Splunk through our configuration management tool. Everything is working, except for this.

On certain systems, we use port 8089 for another application. I can detect that we're using it - but on Linux systems, there doesn't seem to be a way to tell Splunk to start the first time using a different management port other than 8089.

The Windows .msi has this feature, allowing you to set SPLUNKD_PORT during the install - is there anything available for the *nix versions that will allow the splunkd port to be set before the start?

The --answer-yes option also doesn't seem to do anything.

[root@falcon1h.web.prod:~]# /opt/splunk/bin/splunk start --answer-yes

Splunk> CSI: Logfiles.

Checking prerequisites...
    Checking http port [8000]: open
    Checking mgmt port [8089]: already bound
ERROR: The mgmt port [8089] is already bound.  Splunk needs to use this port.
Would you like to change ports? [y/n]: 

I need to be able to automate it without being asked for input, but splunk doesn't seem to have a way to do this. Am I missing something?

Tags (1)

gkanapathy
Splunk Employee
Splunk Employee

I recommend you look here: http://www.splunk.com/wiki/Deploying_Splunk_Light_Forwarders

Note that this allows completely unattended install, and specifically addresses the problem of setting a non-default port using a configuration file. In general, for automated installs, it is much preferable to use static configuration files over commands. Almost any Splunk configuration can be set using a static configuration file.

gkanapathy
Splunk Employee
Splunk Employee

Also, please file an enhancement request for a setting/config to allow forwarders to dynamically/automatically select a new listen port for Splunkd if the configured one is occupied. You can file an ER by opening a support case with priority 4 here: https://www.splunk.com/page/submit_issue

0 Karma

josephro
Observer

Hi, I am having similar issue. Do we have an option in the latest version?

0 Karma
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...