This documentation does not apply to the most recent version of Splunk.
This documentation applies to the following versions of Splunk: 3.2, 3.2.1, 3.2.2, 3.2.3, 3.2.4, 3.2.5, 3.2.6, 3.3, 3.3.1, 3.3.2, 3.3.3, 3.3.4, 3.4, 3.4.1, 3.4.2, 3.4.3, 3.4.5, 3.4.6, 3.4.8, 3.4.9, 3.4.10, 3.4.11, 3.4.12
This topic discusses optional configurations you may want to include in your Splunk work environment.
Splunk provides a utility that updates your system boot configuration so that Splunk starts when the system boots up. This utility creates a suitable init script (or makes a similar configuration change, depending on your OS).
As root, run:
$SPLUNK_HOME/bin/splunk enable boot-start
If you don't start Splunk as root, you can pass in the -user parameter to specify which user to start Splunk as. For example, if Splunk runs as the user bob, then as root you would run:
$SPLUNK_HOME/bin/splunk enable boot-start -user bob
If you want to stop Splunk from running at system startup time, run:
$SPLUNK_HOME/bin/splunk disable boot-start
More information is available in $SPLUNK_HOME/etc/init.d/README, or by typing help boot-start from the command line.
In Splunk 2.1 and all later versions, you can force Splunk to bind its ports to a specified IP address. To make this a temporary change, set the environment variable SPLUNK_BINDIP=<ipaddress> before starting Splunk.
If you want this to be a permanent change in your working environment, modify $SPLUNK_HOME/etc/splunk-launch.conf to include the SPLUNK_BINDIP attribute and <ipaddress> value. For example, to bind Splunk ports to 127.0.0.1, splunk-launch.conf should read:
# Modify the following line to suit the location of your Splunk install.
# If unset, Splunk will use the parent of the directory this configuration
# file was found in
#
# SPLUNK_HOME=/opt/splunk
SPLUNK_BINDIP=127.0.0.1
This affects the binding address of all ports opened by splunk and splunkweb, including the HTTP server and network inputs.
Note: You can also use splunk-launch.conf to define $SPLUNK_HOME and $SPLUNK_DB.
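To check which bind address a given splunk-launch.conf actually sets, the following added example (not part of the Splunk documentation or tooling) reads the SPLUNK_BINDIP line while ignoring commented-out copies of it. The function names are hypothetical, the sample file is constructed, and two things are assumptions: that an unset value means Splunk listens on every interface, and that the last assignment in the file wins.

```shell
#!/bin/sh
# Added example: audit the bind address configured in splunk-launch.conf.

# Print the SPLUNK_BINDIP value set in file $1, or nothing if it is unset
# or appears only inside a comment. Tolerates blanks around the "=".
# If set more than once, the last assignment is reported (assumption).
launch_conf_bindip() {
    awk '
        /^[ \t]*#/ { next }                  # skip comment lines
        /^[ \t]*SPLUNK_BINDIP[ \t]*=/ {
            sub(/^[^=]*=/, "")               # drop everything up to "="
            gsub(/^[ \t]+|[ \t]+$/, "")      # trim surrounding blanks
            val = $0
        }
        END { if (val != "") print val }
    ' "$1"
}

# Classify a bind address by how widely it exposes the Splunk ports.
# An empty value is treated as "all interfaces" (assumption, see lead-in).
classify_bindip() {
    case "$1" in
        ""|0.0.0.0|::) echo "all-interfaces" ;;
        127.*|::1)     echo "loopback" ;;
        *)             echo "specific" ;;
    esac
}

# One-line report for a splunk-launch.conf file.
audit_launch_conf() {
    ip=$(launch_conf_bindip "$1")
    printf '%s: SPLUNK_BINDIP=%s (%s)\n' \
        "$1" "${ip:-<unset>}" "$(classify_bindip "$ip")"
}

# Constructed sample based on the example file above, plus one
# commented-out setting that must not be reported.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# If unset, Splunk will use the parent of the directory this configuration
# file was found in
#
# SPLUNK_HOME=/opt/splunk
# SPLUNK_BINDIP=0.0.0.0
SPLUNK_BINDIP=127.0.0.1
EOF
audit_launch_conf "$sample"
rm -f "$sample"
```

Run audit_launch_conf against $SPLUNK_HOME/etc/splunk-launch.conf on each host; a result other than the address you intended means the file is not restricting where Splunk listens.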