Documentation: 3.4.1
Print Version Contents
This page last updated: 11/05/08 12:11pm

Configure Splunk before startup

This topic discusses optional configurations you may want to include in your Splunk work environment.

Note: (If you have administrator or root privileges) To save a lot of typing, add the top level directory of your Splunk installation to your shell path. The $SPLUNK_HOME variable refers to the top level directory. Set a SPLUNK_HOME environment variable and add $SPLUNK_HOME/bin to your shell's path. The example below works for bash users who accepted the default installation location. Use the correct syntax and path for your own installation.

# export SPLUNK_HOME=/opt/splunk
# export PATH=$SPLUNK_HOME/bin:$PATH

The full path to the Splunk executable is provided in these instructions regardless.

To start at boot time

Splunk provides a utility that updates your system boot configuration so that Splunk starts when the system boots up. This utility creates a suitable init script (or makes a similar configuration change, depending on your OS).

As root, run:

$SPLUNK_HOME/bin/splunk enable boot-start

If you don't start Splunk as root, you can pass in the -user parameter to specify which user to start Splunk as. For example, if Splunk runs as the user bob, then as root you would run:

$SPLUNK_HOME/bin/splunk enable boot-start -user bob

If you want to stop Splunk from running at system startup time, run:

$SPLUNK_HOME/bin/splunk disable boot-start

More information is available in $SPLUNK_HOME/etc/init.d/README and if you type help boot-start from the command line.

To bind to an IP

In Splunk 2.1 and all later versions, you can force Splunk to bind its ports to a specified IP address. To make this a temporary change, set the environment variable SPLUNK_BINDIP=<ipaddress> before starting Splunk.

If you want this to be a permanent change in your working environment, modify $SPLUNK_HOME/etc/splunk-launch.conf to include the SPLUNK_BINDIP attribute and <ipaddress> value. For example, to bind Splunk ports to 127.0.0.1, splunk-launch.conf should read:

# Modify the following line to suit the location of your Splunk install.
# If unset, Splunk will use the parent of the directory this configuration
# file was found in
#
# SPLUNK_HOME=/opt/splunk

SPLUNK_BINDIP=127.0.0.1

This will affect the binding address of all ports opened by splunk and splunkweb, including the http server, and network inputs.

Note: You can also use splunk-launch.conf to define $SPLUNK_HOME and $SPLUNK_DB.

Previous: Enable the Splunk light forwarder via the deployment server    |    Next: Run Splunk as non-root user

Comments

  1. @jbunag: thanks for the feedback. this is true of Splunk in previous versions, as well. it has been changed to /bin/bash for future versions.
    Posted by emma on Dec 24 2008, 3:31pm

  2. If you followed the instructions for starting splunk at boot time but cannot get splunk to start up, check the default shell of the splunk user that was created as part of the Debian package install. As of splunk 3.4.4 the splunk user is created with a default shell of /bin/false. You will need to change that to a valid shell such as /bin/sh or /bin/bash in order to make splunk start up at boot-time.
    Posted by jbunag on Dec 24 2008, 2:27pm

  3. Hi, why is button clicky is disabled??
    Posted by dingp on Jul 10 2008, 6:12am

  4. Hi, how to clicky this buttons?
    Posted by dingp on Jul 10 2008, 6:12am

  5. Hi
    We would like to install with a Non-Root and ID. Is there any way to do that with out using SUDO or SU to start the process?
    Ramki
    Posted by gpallirk on Jun 26 2008, 10:07am

Log in to comment.