Control Splunk Architecture Services with the click of a button

Vikram kumar Yadav
4 min read · Nov 4, 2020

It’s always best practice to properly start and stop anything, and Splunk is no different. In a single environment this small task isn’t tedious, but what if you have 100 instances running Splunk simultaneously? Going to each individual instance to start and stop it would be a monumental task in itself. To prevent this from happening, we found a solution.

Requirements:-

Multiple Splunk instances, Apache, PHP.

Step 1:-

Install Apache and PHP on the single instance that holds the main code. After the installation, the instance should serve a webpage which looks something like the picture given below.

Step 2:-

Create the PHP code. This code will have buttons which trigger the Splunk script to start or stop the Splunk instance when a button is pressed on the web page. The code must be created in the /var/www/html/ location.

After creating the folder or file, the picture below shows how it looks on the web server. Change the ownership and group of the file and make it executable, as before.

Commands used:-

chmod -R 777 <filename>
chown -R root:root <filename>

PHP algorithm for creating buttons:-

To create more buttons, use the same format as above and add them in the individual columns.

PHP algorithm that triggers the Splunk script to start or stop an instance when a button is clicked:-

The picture below shows how the UI of the PHP code should look. Clicking the buttons should now start or stop an individual Splunk instance and save you a lot of valuable time.

Step 3:-

Create a script which starts and stops a Splunk instance using SSH. Save the script as the root user and make the file executable. We are using Linux for this task.

Save this file in the /var/www/html directory.

Code that starts or stops Splunk:-

In the above code, the if statement is the main part: it executes the command that should run on the other instance over SSH.

USERNAME, PASSWORD, HOSTS and SCRIPT are variables that hold their individual values and are used by the command in the if statement.

The above code is a sample for starting Splunk. You can replace the splunk start command with the splunk stop command to stop Splunk instead, if needed.
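A start/stop script along these lines, as an added example that is not the author's code: it reuses the USERNAME, HOSTS and SCRIPT names from the description, uses key-based SSH in place of the PASSWORD variable (an assumption), and accepts only a fixed set of actions and hosts because its arguments originate from a web request. The host names, key path, install path and the `splunk_ctl` function name are placeholders.

```shell
#!/bin/sh
# Added example (not the post's script): start/stop Splunk on a remote host.
# Assumptions: host names, key path and install path are placeholders, and
# key-based SSH is used in place of the PASSWORD variable.

USERNAME="splunk"                                         # assumed remote account
HOSTS="splunk-idx01.example.com splunk-sh01.example.com"  # constructed allowlist
SPLUNK_BIN="/opt/splunk/bin/splunk"                       # assumed install path
SSH_KEY="/etc/splunk-ctl/id_ed25519"                      # hypothetical key file

# Print the remote command for an allowed action; fail for anything else.
remote_command() {
    case "$1" in
        start|stop|status) printf '%s %s' "$SPLUNK_BIN" "$1" ;;
        *) return 1 ;;
    esac
}

# Succeed only if $1 is exactly one of the entries in HOSTS.
host_allowed() {
    for h in $HOSTS; do
        [ "$h" = "$1" ] && return 0
    done
    return 1
}

# splunk_ctl ACTION HOST: validate both values, then run the command over SSH.
# With DRY_RUN=1 the ssh command line is printed instead of executed.
splunk_ctl() {
    SCRIPT="$(remote_command "$1")" || { echo "rejected action" >&2; return 2; }
    host_allowed "$2" || { echo "rejected host" >&2; return 3; }
    set -- ssh -i "$SSH_KEY" -o BatchMode=yes -o ConnectTimeout=10 \
        "${USERNAME}@$2" "$SCRIPT"
    if [ "${DRY_RUN:-0}" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Run only when called with arguments, e.g. ./splunk_ctl.sh stop <host>
if [ "$#" -gt 0 ]; then
    splunk_ctl "$@"
fi
```

The PHP button handler would call it with exactly two arguments, the action and the host, and the script file should not be writable by the web server account.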

The below picture is the output for when the button is pressed and splunk is shut down.

The below picture shows what happens when the button for splunk stop is pressed and what happens in the backend.

The below picture is the output for when the button is pressed and Splunk is starting.

The below picture shows what happens when the button for splunk start is pressed and what happens in the backend.

Sample PHP code:

This code only has 2 columns and rows with buttons for Splunk start and stop. If more are needed, follow the algorithm given above.

Include all the external Bootstrap and JS libraries

Click on button and execute the script of start and stop on the particular instance

Create button for user to perform the above actions

I hope you like this blog. If you are still facing issues regarding this topic, feel free to ask your doubts in the comment section below, and don’t forget to follow more of our Splunk blogs on Avotrix.
Happy Splunking!
