Splunk Enterprise

Automated splunk offline and enable/disable maintenance-mode for OS updates

splunkreal
Motivator

Hello, in an SSH CLI on Red Hat Linux, how can we launch splunk offline on indexers and, on the Splunk manager node, enable or disable maintenance-mode without credentials (it asks for a local admin username and password)?

This way we could automate OS updates by properly stopping services.

Thanks for your help.

 


PickleRick
SplunkTrust

Adding to what has already been said - I would not recommend doing OS maintenance without a Splunk admin assisting (or at least available on call). It is not the OS administrator's area of competence to verify whether Splunk has shut down correctly, started correctly, is working correctly and so on. What if something happens when your environment is in maintenance mode? Will your OS admins be able to handle it properly? I wouldn't expect them to because it's not their job.

PrewinThomas
Motivator

@splunkreal
As @livehybrid mentioned, you cannot fully bypass Splunk authentication for maintenance‑mode operations. The splunk offline and splunk enable/disable maintenance-mode commands always require Splunk admin credentials (not Linux root).

To automate, you should use either Splunk auth tokens or a service account with pre‑configured credentials in a script.


Regards,
Prewin

livehybrid
SplunkTrust

Hi @splunkreal 

Just to clarify - it's asking for Splunk admin authentication, not a local system account.

You need to enter the user/pass of an admin user in your Splunk instance - alternatively you can pass a Splunk auth token by adding the following to your CLI command

-token <yourToken>

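A sketch of the token-based approach suggested in the replies above, as an added example that is not part of any poster's reply or of Splunk's own tooling: a pre-patch wrapper that reads a Splunk auth token from a tightly permissioned file and runs the commands named in the thread with `-token`. The install path, token file location, action names and `EXTRA_ARGS` are assumptions.

```bash
#!/usr/bin/env bash
# Added example. Paths, action names and EXTRA_ARGS are assumptions.
SPLUNK_BIN="${SPLUNK_BIN:-/opt/splunk/bin/splunk}"    # assumed install path
TOKEN_FILE="${TOKEN_FILE:-/etc/splunk-maint/token}"   # hypothetical token location
EXTRA_ARGS="${EXTRA_ARGS:-}"                          # any prompt-suppressing flags for your version

# Accept the token file only if it is a regular file (no symlink), owned by
# the invoking user, and readable by nobody else. Uses GNU stat (Linux).
token_file_ok() {
    local f="$1" mode
    [ -f "$f" ] && [ ! -L "$f" ] || return 1
    [ -O "$f" ] || return 1
    mode=$(stat -c '%a' "$f") || return 1
    case "$mode" in 600|400) return 0 ;; *) return 1 ;; esac
}

# Map a wrapper action (hypothetical names) to the CLI subcommand from the thread.
maint_args() {
    case "$1" in
        peer-offline)    echo "offline" ;;
        manager-enable)  echo "enable maintenance-mode" ;;
        manager-disable) echo "disable maintenance-mode" ;;
        *) return 2 ;;
    esac
}

run_maint() {
    local action="$1" args token
    args=$(maint_args "$action") || { echo "unknown action: $action" >&2; return 2; }
    token_file_ok "$TOKEN_FILE" || { echo "refusing token file: $TOKEN_FILE" >&2; return 3; }
    token=$(cat "$TOKEN_FILE")
    [ -n "$token" ] || { echo "token file is empty" >&2; return 3; }
    if [ "${DRY_RUN:-0}" = 1 ]; then
        # Never echo the token itself into logs or job output.
        echo "$SPLUNK_BIN $args $EXTRA_ARGS -token <redacted>"
        return 0
    fi
    # $args and $EXTRA_ARGS are deliberately unquoted so they split into words.
    "$SPLUNK_BIN" $args $EXTRA_ARGS -token "$token"
}

# Usage: maint.sh peer-offline | manager-enable | manager-disable
if [ $# -gt 0 ]; then run_maint "$@"; fi
```

The token still appears in the process arguments while the CLI runs, so restrict local shell access on these hosts accordingly.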
