Splunk Enterprise

For a dev system: How to deploy multiple instances of Splunk to a single *nix machine?

efika
Communicator

Hi,

I'm building a simple dev CentOS VM on my PC to try out clustering configuration and other stuff.
I've used tar -C to install the Splunk tgz into different directories and set the web, mgmt, kv and appserver to different ports, but when doing ./splunk start/stop/restart it will only apply to the original Splunk install.

I've found this old link but it reflects init.d changes and not the new systemd.

Appreciate any help configuring this to work.

0 Karma

efika
Communicator

Many thanks for the guidance, Ismo @isoutamo!

For reference, here is what I did to make it work. For example, if I want to install a second instance called "SH":

1. Under /opt create a directory called SH

2. Install the 2nd (or n-th) instance in a different location using:
  tar -zxvf <splunk install tgz file> -C /opt/sh

3. In /opt/sh/splunk/etc duplicate the file splunk-launch.conf.default to splunk-launch.conf

4. Edit the file splunk-launch.conf in /opt/sh/splunk/etc to reflect changes to the SPLUNK_HOME and Splunkd daemon name like so:

# Version 8.0.6

# Modify the following line to suit the location of your Splunk install.
# If unset, Splunk will use the parent of the directory containing the splunk
# CLI executable.
#
# SPLUNK_HOME=/opt/splunk-home
SPLUNK_HOME=/opt/sh/splunk

# By default, Splunk stores its indexes under SPLUNK_HOME in the
# var/lib/splunk subdirectory. This can be overridden
# here:
#
# SPLUNK_DB=/opt/splunk-home/var/lib/splunk

# Splunkd daemon name
#SPLUNK_SERVER_NAME=Splunkd
SPLUNK_SERVER_NAME=Splunkdsh

 

5. Switch to the directory /opt/sh/splunk/bin/ and run:
  ./splunk enable boot-start -systemd-managed 1 (see docs here)

You will see that a splunkdsh.service file was added to /etc/systemd/system

6. Accept the LUA, set admin user and password

7. ./splunk start
Change http port, mgmt port, appserver port, kvstore port to different ports since you are on the same IP 🙂

Enjoy!

 


0 Karma

isoutamo
SplunkTrust
Hi
If you want to start those with systemd then you must change SPLUNK_SERVER_NAME in the splunk-launch.conf file from Splunkd to e.g. splunk-sh, splunk-IDX before you enable boot-start. Otherwise all of them use the same systemd init file.
r. Ismo
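
A preflight check for the point made in this thread, that every instance needs its own SPLUNK_SERVER_NAME before boot-start is enabled (an added example, not part of the original posts and not Splunk tooling). It assumes the /opt/<name>/splunk layout from the post, treats an unset name as Splunkd, and compares names case-insensitively because the post shows Splunkdsh producing splunkdsh.service; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: detect Splunk installs on one host that would share a
# systemd unit name or carry a SPLUNK_HOME pointing at another directory.
# Usage: sh check.sh /opt/splunk /opt/sh/splunk /opt/idx/splunk

# launch_value KEY FILE: print the last uncommented KEY=value found in FILE.
launch_value() {
    [ -f "$2" ] || return 0
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*\(.*[^[:space:]]\)[[:space:]]*\$/\1/p" "$2" |
        tail -n 1
}

# check_instances HOME...: print one line per problem, return 1 if any found.
check_instances() {
    seen="" rc=0
    for home in "$@"; do
        conf="$home/etc/splunk-launch.conf"
        name=$(launch_value SPLUNK_SERVER_NAME "$conf")
        name=${name:-Splunkd}   # assumed default, shown commented out in the post
        cfg_home=$(launch_value SPLUNK_HOME "$conf")
        if [ -n "$cfg_home" ] && [ "$cfg_home" != "$home" ]; then
            echo "MISMATCH $home: SPLUNK_HOME=$cfg_home"
            rc=1
        fi
        # Assumption: unit file names are the lower-cased server name.
        key=$(printf '%s' "$name" | tr '[:upper:]' '[:lower:]')
        case " $seen " in
            *" $key "*)
                echo "DUPLICATE $home: SPLUNK_SERVER_NAME=$name"
                rc=1 ;;
            *)
                seen="$seen $key" ;;
        esac
    done
    return $rc
}

# Run the check only when instance directories are given on the command line.
if [ "$#" -gt 0 ]; then
    check_instances "$@"
fi
```

Run it before `./splunk enable boot-start` on a new instance; a DUPLICATE line means the new install would reuse an existing instance's service name.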
