How to install and deinstall splunk.service on Linux
Splunk tool installation and deinstallation on Linux.
Splunk is a security tool.
Purpose of Splunk tool:
- Monitor, search through, index and correlate big data from a variety of sources.
- Easily search big data and set up relevant alerts, reports and visualizations.
- Power all sorts of efforts, from cybersecurity to compliance, data pipelines to IT monitoring and observability and overall IT and business management. Essentially, any area where you’ve got lots and lots of data.
Install Splunk Software
cd /tmp
#./installSplunkUF
Note: The splunk group and user are created by running the above command.
Verify Splunk process
#ps -ef | grep -i splunk
splunk 45243 1 0 02:21 ? 00:00:00 splunkd -p 8089 start
splunk 45245 45243 0 02:21 ? 00:00:00 [splunkd pid=45243] splunkd -p 8089 start [process-runner]
root 46766 78975 0 02:23 pts/1 00:00:00 grep --color=auto -i splunk
Verify Splunk service
service name: splunk.service
#systemctl list-units --type service --all | grep 'splunk'
splunk.service loaded active running SYSV: Splunk indexer service
systemctl status splunk.service
● splunk.service - SYSV: Splunk indexer service
Loaded: loaded (/etc/rc.d/init.d/splunk; bad; vendor preset: disabled)
Active: active (running) since Fri 2023-03-03 10:45:14 EST; 2 months 09 days ago
Docs: man:systemd-sysv-generator(8)
CGroup: /system.slice/splunk.service
├─6531 splunkd -p 8089 start
└─6540 [splunkd pid=6531] splunkd -p 8089 start [process-runner]
Warning: Journal has been rotated since unit was started. Log output is incomplete or unavailable.
Deinstall of Splunk tool
cd /opt/splunkforwarder
./splunk disable boot-start
Stop splunk.service
#systemctl stop splunk.service
Kill splunk processes
kill -9 `ps -ef | grep splunk | grep -v grep | awk '{print $2;}'`
Remove the universal forwarder installation directory.
rm -rf /opt/splunkforwarder
Delete splunk user and group
#userdel splunk
#groupdel splunk
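To confirm that the removal steps above left nothing behind, the following check looks for each artifact this page mentions. It is an added example, not part of the original post or of Splunk's own tooling; the function name splunk_leftovers and its argument order are hypothetical, and the default paths, account, process and unit names are the ones shown in the output above.

```shell
#!/bin/sh
# Added example: audit a host after the forwarder has been removed.
# Defaults are taken from the command output on this page; the function
# name and its argument order are assumptions made for this example.

# Print one line per leftover artifact; print nothing when the host is clean.
splunk_leftovers() {
    dir=${1:-/opt/splunkforwarder}       # installation directory
    init=${2:-/etc/rc.d/init.d/splunk}   # SysV init script behind splunk.service
    acct=${3:-splunk}                    # user and group created by the installer
    proc=${4:-splunkd}                   # daemon name seen in the ps output
    unit=${5:-splunk.service}            # service name

    # A splunkd that survived the stop and kill steps shows up here.
    if command -v pgrep >/dev/null 2>&1 && pgrep -x "$proc" >/dev/null 2>&1; then
        echo "process: $proc is still running"
    fi
    # is-active exits 0 only while the unit is running.
    if command -v systemctl >/dev/null 2>&1 &&
       systemctl is-active --quiet "$unit" 2>/dev/null; then
        echo "service: $unit is still active"
    fi
    if [ -e "$dir" ]; then
        echo "directory: $dir still exists"
    fi
    if [ -e "$init" ]; then
        echo "init script: $init still exists"
    fi
    # userdel and groupdel edit the local account files, so check those.
    if grep -q "^$acct:" /etc/passwd 2>/dev/null; then
        echo "user: $acct still exists"
    fi
    if grep -q "^$acct:" /etc/group 2>/dev/null; then
        echo "group: $acct still exists"
    fi
    return 0
}

# With no arguments the defaults above are checked.
splunk_leftovers "$@"
```

Run it as root after the last removal step; any line it prints names an artifact that still needs cleaning up.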