Install Splunk 6 on CentOS 6/7 with non-root user

1. useradd splunk

2. tar zxf splunk-6.4.0-f2c836328108-Linux-x86_64.tgz -C /opt

3. chown -R splunk:splunk /opt/splunk

4.  su - splunk

/opt/splunk/bin/splunk start --accept-license

 /opt/splunk/bin/splunk enable boot-start -user splunk ( should run under root permission, this will create init script for CentOS 6/7, for CentOS 7 systemd script, check below)

5. reboot and make sure splunk starts up as expected

ss -lnt

ps -ef | grep splunk

Notes: above step is same as Ubuntu 16.04 (useradd -m splunk, use sysv-rc-conf to check auto boot )

for CentOS 7 systemd script: no need from Splunk 7.2.2 ( native support )

vi /usr/lib/systemd/system/splunk.service

[Unit]
Description=Splunk
After=network.target

[Service]
RemainAfterExit=yes
ExecStart=/opt/splunk/bin/splunk start
ExecStop=/opt/splunk/bin/splunk stop
ExecReload=/opt/splunk/bin/splunk restart
User=splunk
Group=splunk

[Install]
WantedBy=multi-user.target

systemctl enable splunk

for universal forwarder installation on CentOS 6/7:

useradd splunk

tar zxf splunkforwarder-6.4.0-f2c836328108-Linux-x86_64.gz -C /opt

chown -R splunk:splunk /opt/splunkforwarder/

su - splunk

/opt/splunkforwarder/bin/splunk start --accept-license

/opt/splunkforwarder/bin/splunk enable boot-start -user splunk ( should run under root permission )

forward data to Indexer:

/opt/splunkforwarder/bin/splunk add forward-server x.x.x.x:9997 -auth admin:PASSWORD

for add SPLUNK_HOME path:

vi /etc/profile

export SPLUNK_HOME=/opt/splunk

export PATH=$SPLUNK_HOME/bin:$PATH