Deployment Architecture
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Splunk & Linux Kernel 3.0

dshakespeare_sp
Splunk Employee
Splunk Employee
‎04-18-2013 06:48 AM

Can Splunk run with Splunk on Linux 3.0/3.1 kernel. The documentation just states 2.6+ but there is nothing explicit Linux 3.0/3.1

Tags (1)
Reply

jonuwz
Influencer
‎04-18-2013 11:45 AM

It runs just fine on suse SLES 11 sp2 which has a 3.x kernel. Been running it 24x7 for months with no problem.

0 Karma
Reply

dwaddle
SplunkTrust
SplunkTrust
‎04-18-2013 07:07 AM

I would expect the kernel version to largely not matter to Splunk as long as it is relatively modern - that is supports things like NPTL (New POSIX Thread Library) which was a kernel 2.4 feature. The kernel maintainers go to a substantial effort to make sure that no kernel changes break existing user-mode code, and Splunk does not have anything that runs outside of userspace. Sometimes though, the maintainers do mess up and a substantial flap1 comes of it.

But, now be warned of the difference between 'runs' and 'is supported'. If there is a problem, it will be up to Splunk support to decide if they want to commit to supporting these newer kernels at this time.

0 Karma
Reply
Get Updates on the Splunk Community!

Get Your Exclusive Splunk Certified Cybersecurity Defense Engineer at Splunk .conf24 ...

We’re excited to announce a new Splunk certification exam being released at .conf24! If you’re headed to Vegas ...

Share Your Ideas & Meet the Lantern team at .Conf! Plus All of This Month’s New ...

Splunk Lantern is Splunk’s customer success center that provides advice from Splunk experts on valuable data ...

Combine Multiline Logs into a Single Event with SOCK: a Step-by-Step Guide for ...

Combine multiline logs into a single event with SOCK - a step-by-step guide for newbies Olga Malita The ...