Splunk Search

What does "splunk enable boot-start" actually do?

lsouzek
Explorer

I need to enable Splunk to start on boot on a few Linux (SLES 9/10, Red Hat AS 5) and Unix (HP-UX 11.23/11.31, AIX 5.3) platforms. However, my group does not have root access to these servers so we'll have to ask our system administration group to run the commands for us. I'm guessing that they're not going to trust us to run an unfamiliar command as root. To head off that question, would it be possible to describe all the things that "splunk enable boot-start -user splunk" does behind the scenes? I'm guessing that it copies an init script into the OS-appropriate directory and then creates the symbolic links for it to be started on boot but I'd like to verify that assumption and find out if I'm missing anything.

Tags (3)
1 Solution

gkanapathy
Splunk Employee
Splunk Employee

That's all it does. If they don't want to run it, they can create their own startup script and links for the service I suppose. Or you could run it as root on a different machine (that you do have root access to) and give a copy to your admins.

View solution in original post

mattjh88
New Member

You can check what this service is set do at boot-time with

chkconfig --list | grep splunk

This will display a list of the Linux run-levels (in this case specifically Splunk)...

The numbers (0-6, incl.) represent the different modes, and state (on/off) represent the state.

List of modes...

0 = /etc/rc.d/rc0.d = Halt

1 = /etc/rc.d/rc1.d = Single-user mode

2 = /etc/rc.d/rc2.d = Not used

3 = /etc/rc.d/rc3.d = Full user CLI mode

4 = /etc/rc.d/rc4.d = Not used

5 = /etc/rc.d/rc5.d = Full user GUI mode

6 = /etc/rc.d/rc6.d = Reboot

Maybe useful for admins... ?! as it may allow more control....

0 Karma

sloshburch
Splunk Employee
Splunk Employee

I have the exact same question specifically for AIX.

I was able to get someone with root access to run the job: splunkforwarder/bin/splunk enable boot-start -user splunkadmin
Where 'splunkadmin' is my dedicated/isolated batch unix account for managing splunk.

Unfortunately, I am unable to find the init script in the same manner as I was able to find it on Linux.
I do see this was added to /etc/inittab: splunk:2:once:/usr/bin/startsrc -g splunk > /dev/console 2>&1

What specific file or OS changes occur when running the enable command AND therefore location of the init scripts on AIX?

0 Karma

mattjh88
New Member

Thanks for adding to this dwaddle, should have added more clarity.

0 Karma

dwaddle
SplunkTrust
SplunkTrust

Note this is only applicable on Linux. On AIX, for instance "splunk enable boot-start" creates an SRC subsystem object and adds an /etc/inittab line to perform a "startsrc -s splunkd". I imagine the HPUX operations are similarly OS-specific.

bricker
Engager

To add a bit more detail since I had to explain how this works to our Unix admins, here is IBM's link about the System Resource Controller: [1]: http://www-01.ibm.com/support/knowledgecenter/ssw_aix_61/com.ibm.aix.cmds5/startsrc.htm

Not sure why Splunk went this way in the first place and forked AIX in this manner.

0 Karma

mattjh88
New Member

additionally if "chkconfig" is not installed you can use something like...

sudo apt-get install chkconfig

to install the package, as long as you are connected to the Internet.

0 Karma

gkanapathy
Splunk Employee
Splunk Employee

That's all it does. If they don't want to run it, they can create their own startup script and links for the service I suppose. Or you could run it as root on a different machine (that you do have root access to) and give a copy to your admins.

Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...