Solved: disable webserver ignored on AIX?

jpdubose · ‎06-23-2010

We are using SplunkLightForwarder on an AIX box. We don't want port 8000 listening and have no real need for the web interface on the box so we have run "splunk disable webserver" to prevent splunkweb from starting. As such, there is a web.conf file in etc/system/local and it has the proper "startwebserver = 0" line.

This is where it gets kind of strange. On a boot or reboot of the server, splunkweb starts and is listening on port 8000. You can then go to $SPLUNK_HOME/bin and issue a "./splunk restart" command and splunkd and splunkweb stop and then only splunkd is started back up.

Is there something with inittab or somewhere else that splunk starts on machine boot that is still starting splunkweb or is this some kind of bug?

This was the behavior with splunk 3.4 and now with 4.1.2.

Thanks

mitch · ‎07-23-2010

Yeah, looks like a bug. On AIX, "splunk enable boot-start" adds splunkd and splunkweb to SRC. Unfortunately the way that it does it probably won't respect the "disable webserver" setting because once its in SRC, bin/splunk isn't the one doing the launching and it doesn't get a chance to apply that setting. I'll have to think about how to handle this one.

It should be easy to manually fix on the box if you just do a:

  # rmssys -s splunkweb

to remove splunkweb from SRC

View solution in original post

mitch · ‎07-23-2010

Yeah, looks like a bug. On AIX, "splunk enable boot-start" adds splunkd and splunkweb to SRC. Unfortunately the way that it does it probably won't respect the "disable webserver" setting because once its in SRC, bin/splunk isn't the one doing the launching and it doesn't get a chance to apply that setting. I'll have to think about how to handle this one.

It should be easy to manually fix on the box if you just do a:

  # rmssys -s splunkweb

to remove splunkweb from SRC

jpdubose · ‎07-23-2010

The rmssys command did the trick.

So do I get a shirt for finding a bug? 🙂

Mick · ‎06-24-2010

It sounds like there's something in your server's startup prcoess that calls both the splunkd and splunkweb services directly. Perhaps something was configured originally to do this before the SplunkLightForwarder app was enabled?

When you just run the ./splunk start or ./splunk restart commands, it sounds like Splunk itself is doing the right thing, and not starting the splunkweb process, so something else must be calling that service directly. What have you got configured to start Splunk automatically when the server boots?

dwaddle · ‎06-30-2010

This sounds like a nonstandard part of the Splunk on AIX install. Splunk by default does not register itself with SRC, and would not be startable using startsrc. If you can, please post the output of the command (run as root):

odmget -q grpname=splunk SRCsubsys

jpdubose · ‎06-25-2010

It looks like Splunk is started in the inittab through the following line:

splunk:2:once:/usr/bin/startsrc -g splunk > /dev/console 2>$1

disable webserver ignored on AIX?

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

Design, Compete, Win: Submit Your Best Splunk Dashboards for a .conf26 Pass

May 2026 Splunk Expert Sessions: Security & Observability

Join the Conversation