Admin Manual

 


Configure Splunk to start at boot time

NOTE - Splunk version 4.x reached its End of Life on October 1, 2013. Please see the migration information.

Configure Splunk to start at boot time

On Windows, Splunk starts by default at machine startup. To disable this, see "Disable boot-start on Windows" at the end of this topic.

On *nix platforms, you must configure Splunk to start at boot time.

Enable boot-start on *nix platforms

Splunk provides a utility that updates your system boot configuration so that Splunk starts when the system boots up. This utility creates a suitable init script (or makes a similar configuration change, depending on your OS).

As root, run:

$SPLUNK_HOME/bin/splunk enable boot-start

If you don't start Splunk as root, you can pass in the -user parameter to specify which user to start Splunk as. For example, if Splunk runs as the user bob, then as root you would run:

$SPLUNK_HOME/bin/splunk enable boot-start -user bob

If you want to stop Splunk from running at system startup time, run:

$SPLUNK_HOME/bin/splunk disable boot-start

More information is available in $SPLUNK_HOME/etc/init.d/README and if you type help boot-start from the command line.

Note for Mac users

Splunk automatically creates a script and configuration file in the directory: /System/Library/StartupItems. This script is run at system start, and automatically stops Splunk at system shutdown.

Note: If you are using a Mac OS, you must have root level permissions (or use sudo). You need administrator access to use sudo.

Example:

Enable Splunk to start at system start up on Mac OS using:

just the CLI:

./splunk enable boot-start

the CLI with sudo:

sudo ./splunk enable boot-start

Disable boot-start on Windows

By default, Splunk starts automatically when you start your Windows machine. You can configure the Splunk processes (splunkd and splunkweb) to start manually from the Windows Services control panel.

This documentation applies to the following versions of Splunk: 4.1 , 4.1.1 , 4.1.2 , 4.1.3 , 4.1.4 , 4.1.5 , 4.1.6 , 4.1.7 , 4.1.8 , 4.2 , 4.2.1 , 4.2.2 , 4.2.3 , 4.2.4 , 4.2.5 , 4.3 , 4.3.1 , 4.3.2 , 4.3.3 , 4.3.4 , 4.3.5 , 4.3.6 , 4.3.7 , 5.0 , 5.0.1 , 5.0.2 , 5.0.3 , 5.0.4 , 5.0.5 , 5.0.6 , 5.0.7 , 5.0.8 , 5.0.9 , 6.0 , 6.0.1 , 6.0.2 , 6.0.3 , 6.0.4 , 6.0.5 , 6.1 , 6.1.1 , 6.1.2 View the Article History for its revisions.


Comments

@Azul If you are having difficulties, possibly your best point of reference is to search http://answers.splunk.com (Splunkbase Answers) as the comment instructions themselves suggest.

Grijhwani
October 21, 2013

Thanks Malmoore for the feedback.

While I was loging with user root, I executed the commands:

[root@myserver bin]# ./splunk enable boot-start
Init script installed at /etc/init.d/splunk.
Init script is *not* configured to run at boot.

[root@myserver bin]# chkconfig --list | grep splunk
splunk 0:desactivado 1:desactivado 2:activo 3:activo 4:activo 5:activo 6:desactivado

Azul
October 18, 2013

Hi Azul,

It's actually saying "Init script is *not* configured to run at boot"?

This seems like a permissions issue. Run 'splunk enable boot-start' again, as root, then run 'chkconfig --list | grep splunk' and see if anything comes back. If nothing comes back, then you don't have enough permissions to install the boot enable scripts.

Malmoore
October 17, 2013

I have the out:
"Init script installed at /etc/init.d/splunk.
Init script is not configured to run at boot."

I used #sudo su, #sudo -E ..., #... -user root, #... -user splunk
But nothing work ... did someone have the same problem?

Azul
October 16, 2013

NOTE: If trying to run this command as non-root user (user123 say), you will need to run sudo with the -E option:

[user123] $ sudo -E splunk enable boot-start -user user123

The -E option will prevent errors 'Could not determine $SPLUNK_HOME' or 'Could not find chkconfig', even when your environment has them. See man sudo for more details.

Rrizvi splunk, Splunker
December 22, 2011

Correct me if I'm wrong, but if sestatus returns SELinux disabled, you don't have to worry about creating the /etc/sysconfig/splunk file with those parameters, yes?

Loadedmind
September 23, 2011

You should only use the SPLUNK_IGNORE_SELINUX variable if you have previously run the following command to set SELIUX correctly

chcon -c -v -R -u system_u -r object_r -t lib_t $SPLUNK_HOME/lib 2>&1 > /dev/null

Rm90495
October 8, 2010

i also think a one liner of:
export SPLUNK_IGNORE_SELINUX=1

should do the trick.

Gzaimi
August 31, 2010

thank you, Rohare!

Rachel
August 16, 2010

To get SPLUNK_IGNORE_SELINUX in the environment create file "/etc/sysconfig/splunk" with the following contents:

SPLUNK_IGNORE_SELINUX=1
export SPLUNK_IGNORE_SELINUX

Rohare
August 15, 2010

The generated splunk startup script fails to start splunk because the SPLUNK_IGNORE_SELINUX environment variable is not set.

How does add the variable to the environment. I tried adding an export to the startup script, but that did not work.

Rohare
August 15, 2010

You must be logged into splunk.com in order to post comments. Log in now.

Was this documentation topic helpful?

If you'd like to hear back from us, please provide your email address:

We'd love to hear what you think about this topic or the documentation as a whole. Feedback you enter here will be delivered to the documentation team.

Feedback submitted, thanks!