- Splunk Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- How would I stop and restart my UF and HF
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello,
I have Universal Forward and Heavy Forward in Linux machine, how would I stop and restart them. Any help will be highly appreciated. Thank you so much, appreciate your support in these efforts.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@SplunkDash First of all for both UF & HF the process is same.
- First login to your linux instance via CLI.
- Now change ownership to splunk user.
- Go to bin directory of your splunk, in most common cases the path will be /opt/splunk/bin.
- If you don't remember the path of where your splunk is installed you can use the below command to check it:
echo $SPLUNK_HOME
- Now to to splunk/bin directory and check the splunk status using below commands.
./splunk status
- If splunk is already running you can directly restart it using below command.
./splunk restart
- If splunk is not running you need to start your service by using below command.
./splunk start
- Now again check the splunk status by using the above status command and check if the splunk is running.
That's all you need to do for a restart.
Also if this reply helped you a thumbs-up would be appreciated.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Remember that all solutions given here require that you run those commands as the user splunk is running with. You might run into problems if splunk have been running so far with its own user and you suddenly run it as root. Might cause some permissions problems later.
So it's advisable to start and stop the service using the normal system mechanisms:
systemctl start splunkd.service
systemctl stop splunkd.service
systemctl status sytemctl service
If you're running splunk on a distro that doesn't ship with systemd but with other init (is it still possible in 2021?), try your typical system services manipulation commands i.e. service splunkd start/stop.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@SplunkDash First of all for both UF & HF the process is same.
- First login to your linux instance via CLI.
- Now change ownership to splunk user.
- Go to bin directory of your splunk, in most common cases the path will be /opt/splunk/bin.
- If you don't remember the path of where your splunk is installed you can use the below command to check it:
echo $SPLUNK_HOME
- Now to to splunk/bin directory and check the splunk status using below commands.
./splunk status
- If splunk is already running you can directly restart it using below command.
./splunk restart
- If splunk is not running you need to start your service by using below command.
./splunk start
- Now again check the splunk status by using the above status command and check if the splunk is running.
That's all you need to do for a restart.
Also if this reply helped you a thumbs-up would be appreciated.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
The commands are the following:
- Stop Splunk: splunk stop
- Restart Splunk: splunk restart
You should be on the following path to execute the commands: $SPLUNK_HOME/bin/
Introducing the 2024 SplunkTrust!
Introducing the 2024 Splunk MVPs!
Splunk Custom Visualizations App End of Life
