Monitoring Splunk
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Possible to set a different name for Splunkd?

rdaniel
Loves-to-Learn
‎01-30-2021 06:50 PM

  Currently deploying a solution at all client's environment using version 8.x, however an existing third party has already some servers where Splunk v7.0 is deployed. To avoid responsibility conflicts and total separation of Splunk, we are working on different location and ports however we are not able to locate conf file to change Splunkd to something else. This would prevent either team to kill incorrectly other daemon by mistake.

 Please any lead will help us. Tks.

Labels (1)
Labels
0 Karma
Reply

rdaniel
Loves-to-Learn
‎02-01-2021 02:25 PM

Thanks for replies. 

  I am currently running Splunk 8.05 in a CentOS Stream 8, and followed recommendation by soutamo but daemon still remains: Splunkd. Was this feature discontinued for Enterprise and Universal Forwarders?

  I have successfully adjusted splunk-launch.conf to point datastore to an alternative location without any problem. However SPLUNK_SERVICE_NAME is not responding as expected. 

  Here is capture of information from splunk-launch.conf and initialization. Is there something else missing?

Thanks.

rdaniel_0-1612218009641.png

 

 

 

0 Karma
Reply

isoutamo
SplunkTrust
SplunkTrust
‎02-01-2021 11:25 PM

Hi

You cannot change splunkd process name, only change of service name is allowed. 

More information can found here: https://docs.splunk.com/Documentation/Splunk/8.1.1/Admin/RunSplunkassystemdservice

Based on your screenshot you are still using init.d versio startup. I strongly propose that you should change to systemd version. Then you can change that name and it's easier to run several versions at same time (e.g. server + UF, if this is mandatory by your policy). Also you can start to use workload management after that if needed.

r. Ismo

0 Karma
Reply

isoutamo
SplunkTrust
SplunkTrust
‎01-31-2021 11:39 PM

Hi

when you said Splunkd I expecting that you are talking about linux service name? If so then you could change it by editing splunk-launch.conf with parameter 

SPLUNK_SERVER_NAME

You must do this before enabling splunk boot start. If you have already enabled it then just disable it, edit this parameter and then enable it again.

r. Ismo 

0 Karma
Reply

The_Simko
Path Finder
‎01-30-2021 08:00 PM

I suspect you won't find anything on how to do that.   But... the different ports will be listed in top.   
Also, perhaps teach them to use start/stop in the right folder rather than killing processes?

0 Karma
Reply
Get Updates on the Splunk Community!

Announcing Scheduled Export GA for Dashboard Studio

We're excited to announce the general availability of Scheduled Export for Dashboard Studio. Starting in ...

Extending Observability Content to Splunk Cloud

Watch Now!   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to leverage ...

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!

What if there was a way you could keep all the metrics data you need while saving on storage costs?This is now ...