Solved: Re: What does "splunk enable boot-start" actually ...

lsouzek · ‎08-05-2010

I need to enable Splunk to start on boot on a few Linux (SLES 9/10, Red Hat AS 5) and Unix (HP-UX 11.23/11.31, AIX 5.3) platforms. However, my group does not have root access to these servers so we'll have to ask our system administration group to run the commands for us. I'm guessing that they're not going to trust us to run an unfamiliar command as root. To head off that question, would it be possible to describe all the things that "splunk enable boot-start -user splunk" does behind the scenes? I'm guessing that it copies an init script into the OS-appropriate directory and then creates the symbolic links for it to be started on boot but I'd like to verify that assumption and find out if I'm missing anything.

gkanapathy · ‎08-05-2010

That's all it does. If they don't want to run it, they can create their own startup script and links for the service I suppose. Or you could run it as root on a different machine (that you do have root access to) and give a copy to your admins.

View solution in original post

mattjh88 · ‎09-25-2011

You can check what this service is set do at boot-time with

chkconfig --list | grep splunk

This will display a list of the Linux run-levels (in this case specifically Splunk)...

The numbers (0-6, incl.) represent the different modes, and state (on/off) represent the state.

List of modes...

0 = /etc/rc.d/rc0.d = Halt

1 = /etc/rc.d/rc1.d = Single-user mode

2 = /etc/rc.d/rc2.d = Not used

3 = /etc/rc.d/rc3.d = Full user CLI mode

4 = /etc/rc.d/rc4.d = Not used

5 = /etc/rc.d/rc5.d = Full user GUI mode

6 = /etc/rc.d/rc6.d = Reboot

Maybe useful for admins... ?! as it may allow more control....

sloshburch · ‎10-08-2012

I have the exact same question specifically for AIX.

I was able to get someone with root access to run the job: splunkforwarder/bin/splunk enable boot-start -user splunkadmin
Where 'splunkadmin' is my dedicated/isolated batch unix account for managing splunk.

Unfortunately, I am unable to find the init script in the same manner as I was able to find it on Linux.
I do see this was added to /etc/inittab: splunk:2:once:/usr/bin/startsrc -g splunk > /dev/console 2>&1

What specific file or OS changes occur when running the enable command AND therefore location of the init scripts on AIX?

mattjh88 · ‎09-26-2011

Thanks for adding to this dwaddle, should have added more clarity.

dwaddle · ‎09-25-2011

Note this is only applicable on Linux. On AIX, for instance "splunk enable boot-start" creates an SRC subsystem object and adds an /etc/inittab line to perform a "startsrc -s splunkd". I imagine the HPUX operations are similarly OS-specific.

bricker · ‎04-02-2015

To add a bit more detail since I had to explain how this works to our Unix admins, here is IBM's link about the System Resource Controller: [1]: http://www-01.ibm.com/support/knowledgecenter/ssw_aix_61/com.ibm.aix.cmds5/startsrc.htm

Not sure why Splunk went this way in the first place and forked AIX in this manner.

mattjh88 · ‎09-25-2011

additionally if "chkconfig" is not installed you can use something like...

sudo apt-get install chkconfig

to install the package, as long as you are connected to the Internet.

gkanapathy · ‎08-05-2010

That's all it does. If they don't want to run it, they can create their own startup script and links for the service I suppose. Or you could run it as root on a different machine (that you do have root access to) and give a copy to your admins.

What does "splunk enable boot-start" actually do?

Splunk Custom Visualizations App End of Life

Introducing Splunk Enterprise 9.2

Adoption of RUM and APM at Splunk