Limited Time Offer!

For Less Than the Cost of a Starbucks Coffee, Access All DevOpsSchool Videos on YouTube Unlimitedly.
Master DevOps, SRE, DevSecOps Skills!

Enroll Now

Splunk Tutorial: Install & Configure Splunk Server (Indexer + Search Head + Universal forwarder)


Setup Splunk(Indexer + Search Head) [LICENSE SERVER ]
========================================================
$ sudo-s
$ cd /opt
$ wget -O splunk-8.0.4.1-ab7a85abaa98-Linux-x86_64.tgz 'https://www.splunk.com/bin/splunk/DownloadActivityServlet?architecture=x86_64&platform=linux&version=8.0.4.1&product=splunk&filename=splunk-8.0.4.1-ab7a85abaa98-Linux-x86_64.tgz&wget=true'
$ tar -zxvf splunk-8.0.4.1-ab7a85abaa98-Linux-x86_64.tgz
$ cd splunk
$ cd bin
$ ./splunk start --accept-license 
http://15.206.149.89:8000/
admin/admin123

--------------
1. Settings => Monitoring console => Setting => Forwarder Monitoring Setup => Forwarder Monitoring (ENABLE with 15 mins)
2. Settings => Forwarding and Recieving => Receive data => Add New ==> Listen on this port (For example, 9997 will receive data on TCP port 9997)
3. Restart a Splunk Instance
Settings => Server Controls => Restart Splunk

Setup universal forwarder
========================================================
$ sudo-s
$ cd /opt
$ wget -O splunkforwarder-8.0.4-767223ac207f-Linux-x86_64.tgz 'https://www.splunk.com/bin/splunk/DownloadActivityServlet?architecture=x86_64&platform=linux&version=8.0.4&product=universalforwarder&filename=splunkforwarder-8.0.4-767223ac207f-Linux-x86_64.tgz&wget=true'
$ tar -zxvf splunkforwarder-8.0.4-767223ac207f-Linux-x86_64.tgz
$ cd splunkforwarder

# Create this file with some STRUCTURED Content
vi /opt/unitest.csv

name,age,city,skill
devopsschool1,22,hyd1,devops1
devopsschool2,23,hyd2,devops2
devopsschool3,24,hyd3,devops3
devopsschool4,25,hyd4,devops4

Setting up output.conf
$ ./bin/splunk add forward-server 15.206.149.89:9997 --accept-license 
$ ./bin/splunk list forward-server

Setting up input.conf
$ ./bin/splunk list monitor 
$ ./bin/splunk add monitor /opt/unitest.csv
$ ./bin/splunk add monitor /var/log
$ ./bin/splunk list forward-server


$ ./bin/splunk restart
$ ps -eaf | grep splunk
$ ./bin/splunk list forward-server
Rajesh Kumar
Follow me
Latest posts by Rajesh Kumar (see all)
Subscribe
Notify of
guest
0 Comments
Newest
Oldest Most Voted
Inline Feedbacks
View all comments
0
Would love your thoughts, please comment.x
()
x