- Splunk 7.x Quick Start Guide
- James H. Baxter
- 281字
- 2021-06-10 19:04:58
Starting on reboot
By default, Splunk does not start when the server is rebooted; you will typically want it to do so. You can have Splunk create a script that starts it by executing an 'enable boot-start' command (as root, as this will alter OS level files):
[root@ip-172-31-28-164 ~]# cd /opt/splunk/bin
[root@ip-172-31-28-164 bin]# ./splunk enable boot-start -user splunk
Init script installed at /etc/init.d/splunk.
Init script is configured to run at boot.
Then, edit the /etc/init.d/splunk file and add USER=splunk right after the RETVAL=0 entry near the top of the file:
#!/bin/sh
#
# /etc/init.d/splunk
# init script for Splunk.
# generated by 'splunk enable boot-start'.
#
# chkconfig: 2345 90 60
# description: Splunk indexer service
#
RETVAL=0
USER=splunk
. /etc/init.d/functions
splunk_start() {
echo Starting Splunk...
"/opt/splunk/bin/splunk" start --no-prompt --answer-yes
RETVAL=$?
[ $RETVAL -eq 0 ] andand touch /var/lock/subsys/splunk
}
...
Be sure to specify -user splunk when you execute the enable boot-start command, and make the noted change to the /etc/init.d/splunk file, or the script will start Splunk as root upon startup and cause you all kinds of file ownership issues! You can verify that Splunk is running as the splunk user by executing the: ps -ef | grep splunk command and checking to see which user (root or splunk) owns the splunk processes. If you DO accidentally start splunk as root, stop Splunk, cd to the /opt
/splunk directory, and run chown -R splunk:splunk ./ (as root) to change the ownership of all the files back to the splunk user. Don't fret—we've all done it, and it's easily fixed.
/splunk directory, and run chown -R splunk:splunk ./ (as root) to change the ownership of all the files back to the splunk user. Don't fret—we've all done it, and it's easily fixed.