Monitoring Splunk

Is there a list of processes that run after starting Splunk?

melonman
Motivator

Hi,

I am looking for a list of processes that Splunk launches.
I could only find splunkd and splunkweb in the installation manual, but I see many more processes that run in my CentOS environment.

I need to know the list of processes that run in each role (search head, indexer, cluster master, universal forwarder... etc), and the brief description of what each process does.

I would appreciate it if anyone could help me with this.

Thank you very much in advance,


lguinn2
Legend

There is no complete list, because it depends on your version of Splunk, the various scripts you may have and the searches that are running. But here is most of it:

splunkd - this is the "engine" that does most of the work. The first splunkd process is the parent of all the other running Splunk processes.

In Splunk 6.2, a second copy of splunkd runs to manage the user interface.

A third copy of splunkd may run to collect information about how Splunk uses system resources.

mongod - not in earlier versions, but starting in 6.2, this process manages the MongoDB database that contains the KV store.

python - Splunk may run a python process.

Splunk will also launch processes as needed to run scripted inputs, alert scripts and searches. These will be subprocesses of splunkd. Earlier versions of Splunk ran a splunkweb process, but that is no longer true in version 6.2.


melonman
Motivator

I would need the list so the monitoring team will know which processes are Splunk-related.
For now, I just needed it for a Splunk 6.2.1 indexer and universal forwarder on CentOS.
I would really appreciate it if anyone could provide the list.


MuS
SplunkTrust

How about the $SPLUNK_HOME/bin/splunk status command, which will provide a list of all processes and PIDs like this:

splunkd is running (PID: 1291).
splunk helpers are running (PIDs: 1292 1299 1537 1598).
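The shell functions below are an added example, not part of the original thread or of Splunk itself. They combine the two answers: the PIDs are read from `splunk status` output, then a `ps` listing is walked from the main splunkd PID to list every descendant, so the monitoring team gets the Splunk-related set by lineage rather than by name alone. The process table and the process name given to each PID are constructed sample data.

```shell
#!/bin/sh
# Added example: list Splunk-related processes by lineage, not by name alone.

# Print every PID found in `splunk status` output, one per line.
status_pids() {
    sed -n 's/.*(PIDs\{0,1\}: \([0-9 ]*\)).*/\1/p' | tr ' ' '\n' | sed '/^$/d'
}

# Print "PID COMMAND" for root PID $1 and all of its descendants.
# stdin: "PID PPID COMMAND" rows, e.g. from: ps -e -o pid=,ppid=,comm=
splunk_tree() {
    awk -v root="$1" '
        { pid[NR] = $1; ppid[NR] = $2; comm[NR] = $3 }
        END {
            keep[root] = 1; added = 1
            while (added) {            # repeat until no new child is found
                added = 0
                for (i = 1; i <= NR; i++)
                    if ((ppid[i] in keep) && !(pid[i] in keep)) {
                        keep[pid[i]] = 1; added = 1
                    }
            }
            for (i = 1; i <= NR; i++)
                if (pid[i] in keep) print pid[i], comm[i]
        }'
}

# Sample input 1: the status output quoted in the thread.
SAMPLE_STATUS='splunkd is running (PID: 1291).
splunk helpers are running (PIDs: 1292 1299 1537 1598).'

# Sample input 2: constructed process table (names per PID are assumed).
SAMPLE_PS='1 0 systemd
900 1 sshd
1291 1 splunkd
1292 1291 splunkd
1299 1291 mongod
1537 1291 python
1598 1291 splunkd
2210 1598 splunkd
3001 900 bash'

# Assumption: the first PID reported is the main (parent) splunkd.
root=$(printf '%s\n' "$SAMPLE_STATUS" | status_pids | head -n 1)
printf '%s\n' "$SAMPLE_PS" | splunk_tree "$root"
```

On a live host, replace the samples with `"$SPLUNK_HOME/bin/splunk" status | status_pids` and `ps -e -o pid=,ppid=,comm= | splunk_tree "$root"`.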
