Are you a member of the Splunk Community?
- Find Answers
- :
- Splunk Administration
- :
- Monitoring Splunk
- :
- Re: Is there a list of processes that run after st...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
I am looking for a list of processes that Splunk launches.
I could only find splunkd and splunkweb in the installation manual, but I see many more processes that runs in my CentOS environment.
I need to know the list of processes that run in each role (search head, indexer, cluster master, universal forwarder... etc), and the brief description of what each process does.
I would appreciate if anyone could help me with this..
Thank you very much in advance,
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
There is no complete list, because it depends on both your version of Splunk, the various scripts you may have and the searches that are running. But here is most of it
splunkd - this is the "engine" that does most of the work. The first splunkd process is the parent of all the other running Splunk processes
in Splunk 6.2, a second copy of splunkd runs to manage the user interface
a third copy of splunkd may run to collect information about how Splunk uses system resources
mongod - not in earlier versions, but starting in 6.2, this process manages the mongo db that contains the KV store
python - Splunk may run a python process
Splunk will also launch processes as needed to run scripted inputs, alert scripts and searches. These will be subprocesses of splunkd. Earlier versions of Splunk ran a splunkweb process, but that is no longer true in version 6.2
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I would need the list so monitoring team will know which processes are splunk-related.
For now, I just needed it for Splunk 6.2.1 indexer and universal forwarder on Cent OS.
I would really appreciate if anyone provide the list.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
How about the $SPLUNK_HOME/bin/splunk status command which will provide a list of all processes and pid's like this:
splunkd is running (PID: 1291).
splunk helpers are running (PIDs: 1292 1299 1537 1598).
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
There is no complete list, because it depends on both your version of Splunk, the various scripts you may have and the searches that are running. But here is most of it
splunkd - this is the "engine" that does most of the work. The first splunkd process is the parent of all the other running Splunk processes
in Splunk 6.2, a second copy of splunkd runs to manage the user interface
a third copy of splunkd may run to collect information about how Splunk uses system resources
mongod - not in earlier versions, but starting in 6.2, this process manages the mongo db that contains the KV store
python - Splunk may run a python process
Splunk will also launch processes as needed to run scripted inputs, alert scripts and searches. These will be subprocesses of splunkd. Earlier versions of Splunk ran a splunkweb process, but that is no longer true in version 6.2
Observability Unlocked: Kubernetes Monitoring with Splunk Observability Cloud
Update Your SOAR Apps for Python 3.13: What Community Developers Need to Know
October Community Champions: A Shoutout to Our Contributors!
