Splunk Search

Help with script to make Splunk status up automatically if Splunk is down

rajaguru2790
Explorer

Please help me with the script below. This script is not running in Unix and Windows machine.
Please help tweak and give the right script which runs:

#!/bin/sh

 # ## Splunk Health Checking Script to run hourly ##
 # This will run some basic checks to ensure      ##
 # splunk is running and restart those services   ##
 # if it fails a check.                           ##
 ## ############################################# ##

 service=splunk

 # Error handling function
 function errorCheck {
         if [ $? -ne 0 ] ; then
                 echo "Error occurred connecting on port 8089 for $service"
                 /etc/init.d/$service start
         fi
 }


 # check for the processes to be running
 if (( $(ps -ef | grep -v grep | grep $service | wc -l) > 0 )); then
        echo "$service is running!!!"
 else
        /etc/init.d/$service start
 fi

 # check for the service itself to be running
 # sometimes the service can crash leaving stale PID's running
 if (( $(/etc/init.d/$service status | grep "splunkd is running" | wc -l) > 0 )) ; then
        echo "$service is running!!!"
 else
        /etc/init.d/$service start
 fi

 # check if we can connect locally on port 8089
 /usr/bin/curl -s -k -o "/dev/null" https://127.0.0.1:8089
 errorCheck

gaurav_maniar
Builder

Hi,

Below script will restart the splunk service if it is down.
At line number 3 & 7, change the path to your Splunk installation directory.

#!/bin/sh

if (( $(/path/to/splunk_installation/bin/splunk status | grep "splunkd is running" | wc -l) > 0 )) ; then
  echo "Splunk is running!!!"
else
  echo "Starting Splunk"
  /path/to/splunk_installation/bin/splunk restart
fi

accept & up-vote the answer, if it helps.

codebuilder
SplunkTrust
SplunkTrust

You'll need to provide some more details.
What version and distribution of Linux are you running?
What version of Splunk?
When you say "the script is not running", what exactly do you mean?

----
An upvote would be appreciated and Accept Solution if it helps!
0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...