Splunk Enterprise
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Restart of Splunk Agent using script

nvnbsibm
New Member
‎01-22-2022 11:58 AM

Hi All,

 

We are looking for a script to restart the splunk agent when ever it gets stopped could you please help us if anyone has any script to restart it on both linux & windows servers

 

THanks in Advance

Labels (1)
Labels
0 Karma
Reply

SinghK
Builder
‎01-24-2022 01:07 AM

On windows you don't need a script in services.msc there is an option for each sevice to recover if it stops there 3 actions u can define for first faliure second faliure and 3rd faliure. You can use that to auto restart and this can be pushed to all windows server as well as it's oob function in wimdows

0 Karma
Reply

PickleRick
SplunkTrust
SplunkTrust
‎01-22-2022 12:58 PM

Firstly, if your forwarder crashes often, you should look for the cause.

Secondly - I'm not that proficient with windows services but with linux you can either use a solution that monitors and restarts service if needed if you're not using systemd (like monit). If you're using sysyemd, the unit file is written so that the service does restart in case of a crash. See https://docs.splunk.com/Documentation/Splunk/8.2.4/Admin/RunSplunkassystemdservice#Configure_systemd...

 

0 Karma
Reply

isoutamo
SplunkTrust
SplunkTrust
‎01-24-2022 12:31 AM

Hi

I totally agree with @PickleRick that if there are more than few crashes / stops on splunkd you should resolve the reason and fix it.

To restart splunkd in linux you should use systemd and in windows just configure service for restarting it after crash/stop. Then on both environment you should have some monitoring which are looking that those are running and if automation cannot restart those you must check those manually and find the reason why automation cannot bring services up.

r. Ismo

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Announcing Modern Navigation: A New Era of Splunk User Experience

We are excited to introduce the Modern Navigation feature in the Splunk Platform, available to both cloud and ...

Observability Simplified: Combining User Experience, Application Performance & ...

Tech Talk Observability Simplified: Combining User Experience, Application Performance & Network ...

Event Series May & June: From Network Visibility to Service Intelligence

Unifying the Network: Moving from Alert Noise to Service Intelligence with Splunk ITSI In today’s hybrid ...