All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

CentOS Splunk Not Starting On Boot

menkurau
Path Finder
‎02-14-2012 04:34 PM

I set Splunk to start on boot with /op/splunk/bin/splunk enable boot-start and have verified the script
/opt/splunk/bin/splunk status
splunkd is not running.
splunkweb is not running.
ls -al /etc/init.d/ | grep splunk
-rwx------. 1 root root 992 Feb 14 16:24 splunk
chkconfig --list | grep splunk
splunk 0:off 1:off 2:on 3:on 4:on 5:on 6:off

All looks good to me, however Splunk does not start on a restart. Any ideas?

Tags (2)
0 Karma
Reply

agrant
Explorer
‎05-04-2012 04:20 AM

I noticed this same issue on some older Solaris machines. Seems some shell implementations don't have a $USER.
If $USER doesn't exist in the manner you start the splunk instance then the splunkforwarder won't start up.

So I just added the serverName=$HOSTNAME definition to the general stanza in the local/server.conf file.

0 Karma
Reply

menkurau
Path Finder
‎02-28-2012 09:47 AM

After checking boot.log I found out that Splunk 4.3 uses $HOSTNAME-$USER as the Splunk hostname. In my case it was having an issue with $USER so I changed it to just $HOSTNAME and it starts fine on boot/restart. Have not researched the issue, but then again I don't really care about appending $USER to the Splunk hostname.

0 Karma
Reply

MuS
Legend
‎02-14-2012 10:35 PM

Hi menkurau

  • what are the logs reporting, system logs as well if existing $SPLUNK_HOME/var/log/splunk/splunkd.log?
  • what happens if you fire up the start script by hand?
  • does the user running splunk have the necessary permissions?

cheers

0 Karma
Reply
Get Updates on the Splunk Community!

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

The Transformative Power of AI and ML in Enhancing Observability   In the realm of IT operations, the ...

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...