Splunk Search

Is there a systemd unit file for Splunk?

Yorokobi
SplunkTrust
SplunkTrust

systemd replaces SysV init scripts and some Linux distributions are migrating to or currently support systemd (such as Arch Linux). The traditional start-up script /etc/init.d/splunk (or /etc/rc.d/splunk) does not work in a pure systemd configuration, a unit file is required.

This thread is getting outdated. See the official documentation and additional information below:
- https://docs.splunk.com/Documentation/Splunk/7.2.6/Admin/RunSplunkassystemdservice
- https://docs.splunk.com/Documentation/Splunk/7.2.6/Workloads/Configuresystemd
- https://answers.splunk.com/answers/738877/splunk-systemd-unit-file-in-versions-722-and-newer.html
- https://www.duanewaddle.com/splunk-7-2-2-and-systemd/

Tags (2)

mattymo
Splunk Employee
Splunk Employee

finally got around to trying this. worked nice! thx!

- MattyMo
0 Karma

Yorokobi
SplunkTrust
SplunkTrust

Good catch, sspencer. I expect these answers will change over time as systemd evolves.

0 Karma

sspencer_splunk
Splunk Employee
Splunk Employee

According to systemd docs, variables cannot be used as the first argument of the ExecStart, ExecStop, and/or ExecReload options. Systemd will not expand those variables. My testing agrees with the documentation. I had to restore the absolute path as shown in the top entry of this answer.

0 Karma

Yorokobi
SplunkTrust
SplunkTrust

To enable the unit file:
sudo systemctl enable splunkd

0 Karma
Get Updates on the Splunk Community!

See just what you’ve been missing | Observability tracks at Splunk University

Looking to sharpen your observability skills so you can better understand how to collect and analyze data from ...

Weezer at .conf25? Say it ain’t so!

Hello Splunkers, The countdown to .conf25 is on-and we've just turned up the volume! We're thrilled to ...

How SC4S Makes Suricata Logs Ingestion Simple

Network security monitoring has become increasingly critical for organizations of all sizes. Splunk has ...