Configure Splunk to start at boot time
Configure Splunk to start at boot time
On Windows, Splunk starts by default at machine startup. To disable this, see "Disable boot-start on Windows" at the end of this topic.
On *nix platforms, you must configure Splunk to start at boot time.
Enable boot-start on *nix platforms
Splunk provides a utility that updates your system boot configuration so that Splunk starts when the system boots up. This utility creates a suitable init script (or makes a similar configuration change, depending on your OS).
As root, run:
$SPLUNK_HOME/bin/splunk enable boot-start
If you don't start Splunk as root, you can pass in the -user parameter to specify which user to start Splunk as. For example, if Splunk runs as the user bob, then as root you would run:
$SPLUNK_HOME/bin/splunk enable boot-start -user bob
If you want to stop Splunk from running at system startup time, run:
$SPLUNK_HOME/bin/splunk disable boot-start
More information is available in $SPLUNK_HOME/etc/init.d/README and if you type help boot-start from the command line.
Note for Mac users
Splunk automatically creates a script and configuration file in the directory: /System/Library/StartupItems. This script is run at system start, and automatically stops Splunk at system shutdown.
Note: If you are using a Mac OS, you must have root level permissions (or use sudo). You need administrator access to use sudo..
Example:
Enable Splunk to start at system start up on Mac OS using:
just the CLI::
./splunk enable boot-start
the CLI with sudo:
sudo ./splunk enable boot-start
Disable boot-start on Windows
By default, Splunk starts automatically when you start your Windows machine. You can configure the Splunk processes (SplunkWeb and Splunkd) to start manually from the Windows Services manager.
This documentation applies to the following versions of Splunk: 4.1 , 4.1.1 , 4.1.2 , 4.1.3 , 4.1.4 , 4.1.5 , 4.1.6 , 4.1.7 , 4.1.8 , 4.2 , 4.2.1 , 4.2.2 , 4.2.3 , 4.2.4 , 4.2.5 , 4.3 , 4.3.1 , 4.3.2 View the Article History for its revisions.
Comments
Correct me if I'm wrong, but if sestatus returns SELinux disabled, you don't have to worry about creating the /etc/sysconfig/splunk file with those parameters, yes?
You should only use the SPLUNK_IGNORE_SELINUX variable if you have previously run the following command to set SELIUX correctly
chcon -c -v -R -u system_u -r object_r -t lib_t $SPLUNK_HOME/lib 2>&1 > /dev/null
i also think a one liner of:
export SPLUNK_IGNORE_SELINUX=1
should do the trick.
thank you, Rohare!
To get SPLUNK_IGNORE_SELINUX in the environment create file "/etc/sysconfig/splunk" with the following contents:
SPLUNK_IGNORE_SELINUX=1
export SPLUNK_IGNORE_SELINUX
The generated splunk startup script fails to start splunk because the SPLUNK_IGNORE_SELINUX environment variable is not set.
How does add the variable to the environment. I tried adding an export to the startup script, but that did not work.
NOTE: If trying to run this command as non-root user (user123 say), you will need to run sudo with the -E option:
[user123] $ sudo -E splunk enable boot-start -user user123
The -E option will prevent errors 'Could not determine $SPLUNK_HOME' or 'Could not find chkconfig', even when your environment has them. See man sudo for more details.