{"id":20303769,"url":"https://github.com/jmaas/splunk-configs-distributed","last_synced_at":"2026-03-08T10:39:27.879Z","repository":{"id":80587289,"uuid":"136217174","full_name":"jmaas/splunk-configs-distributed","owner":"jmaas","description":"Splunk configurations for a distributed architecture (non-clustering)","archived":false,"fork":false,"pushed_at":"2020-03-27T06:59:46.000Z","size":366,"stargazers_count":2,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-03-04T07:12:45.425Z","etag":null,"topics":["splunk","splunk-enterprise"],"latest_commit_sha":null,"homepage":"","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/jmaas.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2018-06-05T18:16:23.000Z","updated_at":"2020-06-18T14:12:26.000Z","dependencies_parsed_at":"2023-03-12T11:28:43.208Z","dependency_job_id":null,"html_url":"https://github.com/jmaas/splunk-configs-distributed","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/jmaas/splunk-configs-distributed","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jmaas%2Fsplunk-configs-distributed","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jmaas%2Fsplunk-configs-distributed/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jmaas%2Fsplunk-configs-distributed/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jmaas%2Fsplunk-configs-distr
ibuted/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/jmaas","download_url":"https://codeload.github.com/jmaas/splunk-configs-distributed/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jmaas%2Fsplunk-configs-distributed/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":30253837,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-03-08T08:59:44.879Z","status":"ssl_error","status_checked_at":"2026-03-08T08:58:02.867Z","response_time":56,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["splunk","splunk-enterprise"],"created_at":"2024-11-14T16:40:36.465Z","updated_at":"2026-03-08T10:39:27.866Z","avatar_url":"https://github.com/jmaas.png","language":null,"funding_links":[],"categories":[],"sub_categories":[],"readme":"\nThis repository contains several basic configuration files required\nby recent Splunk versions. 
\nVersion used for testing is Splunk 7.1.\n\nI've created this repository to provide a simple baseline as a preparation\nfor the Splunk Certified Architect 1 exam.\n\n\nInstall\n=======\n\nSystemd based systems\n---------------------\n- copy `systemd/disable-thp.service` over to `/etc/systemd/system/`\n- copy `systemd/splunkd.service` over to `/etc/systemd/system/`\n- copy `splunk/etc/splunk-launch.conf` over to `/opt/splunk/etc/`\n- make sure you don't `enable boot-start`, just to be sure: `rm -f /etc/init.d/splunk`\n- reload systemd unit files from disk: `systemctl daemon-reload`\n- enable the disable-thp service: `systemctl enable disable-thp.service`\n- enable the splunkd service: `systemctl enable splunkd.service`\n- start splunk: `systemctl start splunkd.service`\n\nSysvinit based systems\n----------------------\n- copy `sysvinit/99-splunk.conf` over to `/etc/security/limits.d/`\n- disable THP: `cat sysvinit/rc.local \u003e\u003e /etc/rc.local`\n- start splunk on boot: `/opt/splunk/bin/splunk enable boot-start -user splunk`\n- start splunk: `/etc/init.d/splunk start`\n\nCheck\n=====\nVerify that THP is disabled:\n```\n[splunk@splunk-mgt ~]$ cat /sys/kernel/mm/transparent_hugepage/defrag\nalways madvise [never]\n[splunk@splunk-mgt ~]$ cat /sys/kernel/mm/transparent_hugepage/enabled\nalways madvise [never]\n```\n\nVerify that Splunk is not complaining about ulimits:\n```\n[splunk@splunk-mgt ~]$ grep limit /opt/splunk/var/log/splunk/splunkd.log | tail -n 12\n06-05-2018 19:44:01.122 +0200 INFO  ulimit - Limit: virtual address space size: unlimited\n06-05-2018 19:44:01.122 +0200 INFO  ulimit - Limit: data segment size: unlimited\n06-05-2018 19:44:01.122 +0200 INFO  ulimit - Limit: resident memory size: unlimited\n06-05-2018 19:44:01.122 +0200 INFO  ulimit - Limit: stack size: 8388608 bytes [hard maximum: unlimited]\n06-05-2018 19:44:01.122 +0200 INFO  ulimit - Limit: core file size: 0 bytes [hard maximum: unlimited]\n06-05-2018 19:44:01.122 +0200 WARN  ulimit - 
Core file generation disabled.\n06-05-2018 19:44:01.122 +0200 INFO  ulimit - Limit: data file size: unlimited\n06-05-2018 19:44:01.122 +0200 INFO  ulimit - Limit: open files: 64000 files\n06-05-2018 19:44:01.122 +0200 INFO  ulimit - Limit: user processes: 16000 processes\n06-05-2018 19:44:01.122 +0200 INFO  ulimit - Limit: cpu time: unlimited\n06-05-2018 19:44:01.122 +0200 INFO  ulimit - Linux transparent hugepage support, enabled=\"never\" defrag=\"never\"\n06-05-2018 19:44:01.122 +0200 INFO  ulimit - Linux vm.overcommit setting, value=\"0\"\n```\n\nOther stuff\n===========\n\nDeployment apps:\n- `cfg_indexers`: deployment client, license master, inputs, volumes and indexes \n- `cfg_search-heads`: deployment client, license master, outputs, distsearch\n- `cfg_license-server`: deployment client, outputs\n- `cfg_monitoring-console`: deployment client, license master, outputs\n- `cfg_deployment-server`: license master, outputs\n- `cfg_universal-forwarder`: deployment clients, outputs, inputs\n\nMisc notes are stored in `docs/`\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjmaas%2Fsplunk-configs-distributed","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fjmaas%2Fsplunk-configs-distributed","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjmaas%2Fsplunk-configs-distributed/lists"}