Splunk Enterprise

Starting splunk as non root user

stevenm1
New Member

Hi,
Looks like this question has been asked numerous times but I'm not seeing same issue as what I have. On Suse Linux 11.4 I have installed the forwarder but I cannot get it to start under splunk user using the startup scripts under inittab. I ran the "splunk enable boot-start -user splunk" command as root. It seems to just create an init.d file with no splunk user references so when the server reboots it again starts as root.
What is supposed to change in this file ? I tried adding the -user splunk param to below line but just hangs.

splunk_start() {
echo Starting Splunk...
"/opt/splunkforwarder/bin/splunk" start --no-prompt --answer-yes
RETVAL=$?
}

What am I doing wrong?

Tags (1)
0 Karma

ddrillic
Ultra Champion

Just please keep in mind that the purpose of splunk enable boot-start -user splunkis to create the automatic server boot start commands for Splunk.

0 Karma

skalliger
SplunkTrust
SplunkTrust

Are you talking about Suse Linux Enterprise Server? I would change the following line

 "/opt/splunkforwarder/bin/splunk" start --no-prompt --answer-yes

into this:

sudo -u splunk -c '/opt/splunkforwarder/bin/splunk start'

IIRC, that's how I used to create my startup scripts in /etc/init.d with SLES11 and SLES12.

Skalli

0 Karma
Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...