I installed the Splunk Linux version today (rpm version) but I don't know how to start Splunk service. I tried to input command service Splunk start and /etc/init.d/splunk start but these services did not have Linux. How can I start Splunk service?
You will want to run the command:
$SPLUNK_HOME/bin/splunk start
Reference: http://docs.splunk.com/Documentation/Splunk/5.0/Installation/StartSplunkforthefirsttime
You may also want to check these instructions on how to start SPlunk at boot time: http://docs.splunk.com/Documentation/Splunk/5.0/Admin/ConfigureSplunktostartatboottime
If it is RHEL 7.x + I would recommend using systemd to manage the splunk service:
$SPLUNK_HOME/bin/splunk enable boot-start -systemd-managed 1 -user <username> -group <groupname>
https://docs.splunk.com/Documentation/Splunk/8.1.0/Admin/RunSplunkassystemdservice
This will create a file in /etc/systemd/system/Splunkd.service and I replace the contents of that with:
[Unit]
After=network.target
[Service]
Type=simple
Restart=always
ExecStart= /opt/splunk/bin/splunk _internal_launch_under_systemd
ExecStop = /opt/splunk/bin/splunk stop
ExecReload = /opt/splunk/bin/splunk restart
LimitCORE = 0
LimitFSIZE = infinity
LimitDATA = infinity
LimitNPROC = 20480
LimitNOFILE = 65536
TimeoutSec = 300
SuccessExitStatus=51 52
RestartPreventExitStatus=51
RestartForceExitStatus=52
Delegate=true
MemoryLimit=100G
CPUShares=1024
PermissionsStartOnly=true
ExecStartPost=/bin/bash -c "chown -R splunk:splunk /sys/fs/cgroup/cpu/system.slice/%n"
ExecStartPost=/bin/bash -c "chown -R splunk:splunk /sys/fs/cgroup/memory/system.slice/%n"
[Install]
WantedBy=multi-user.target
This file will handle required ulimit settings and deal with permissions per Splunk's env specs. Also note that I am running Splunk as the linux user splunk which you can change should you want to. If you choose to do this make sure you refresh systemd daemon:
systemctl daemon-reload
I prefer running Splunk using systemd instead of the legacy init.d as there is more functionality and I would assume it is going to be more supported moving forward.
$SPLUNK_HOME/bin/splunk enable boot-start
Installs a service file in /etc/init.d that supports start|stop|restart|status
Better answer:
$SPLUNK_HOME/bin/splunk enable boot-start
This creates an init.d service file.
first go to bin folder in Splunk
bin> ./splunk start
for stop the splunk
bin> ./splunk stop
You will want to run the command:
$SPLUNK_HOME/bin/splunk start
Reference: http://docs.splunk.com/Documentation/Splunk/5.0/Installation/StartSplunkforthefirsttime
You may also want to check these instructions on how to start SPlunk at boot time: http://docs.splunk.com/Documentation/Splunk/5.0/Admin/ConfigureSplunktostartatboottime