Splunk is a platform for collecting, indexing and searching machine data. It ingests logs and metrics from applications, web servers, databases and operating systems, from security devices and from business applications, and lets you search them in real time and build dashboards on the results, which makes it a common choice for both operational monitoring and security analytics.
There are no special prerequisites, but I recommend giving the server a proper hostname and sorting out its firewall and network configuration before you install. The software only supports 64-bit servers. In this article I show how to install Splunk Enterprise on a CentOS 7 server, one step at a time.
1. Create a Splunk user
Splunk recommends running the application under a dedicated user rather than as root. I created a user for it and, as that user's home directory, the folder the software will be installed into.
[root@server1 tmp]# groupadd splunk
[root@server1 tmp]# useradd -d /opt/splunk -m -g splunk splunk
[root@server1 tmp]# su - splunk
[splunk@server1 ~]$ id
uid=1001(splunk) gid=1001(splunk) groups=1001(splunk)

Because the group was created first, useradd needs -g (primary group) rather than -G; with -G it refuses to run because a group named splunk already exists. Confirm that the server is 64-bit:

[splunk@server1 ~]$ getconf LONG_BIT
64
2. Download and unpack Splunk Enterprise
Download the software from the official Splunk website; you have to create an account to get the download link.
Now extract the tarball and copy its contents into /opt/splunk, the directory created for the splunk user above, then make sure that user owns everything.
[root@server1 tmp]# tar -xvf splunk-6.4.0-f2c836328108-linux-x86_64.tgz
[root@server1 tmp]# cp -rp splunk/* /opt/splunk/
[root@server1 tmp]# chown -R splunk: /opt/splunk/

(chown takes an upper-case -R for recursion; a lower-case -r is rejected.)
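Before extracting the archive it is worth checking that it really is the file Splunk published. The function below is an added example and is not part of the original article or of Splunk's own tooling: it compares the SHA-512 of the downloaded tarball with the digest you copy from the download page. The digest and the variable name in the usage comment are placeholders.

```shell
#!/bin/sh
# Added example, not from the original article: check a downloaded Splunk
# tarball against the checksum published on the download page before
# extracting it. The digest in the usage comment is a placeholder.
set -eu

# verify_archive ARCHIVE EXPECTED_SHA512
# Prints OK and returns 0 when the SHA-512 of ARCHIVE equals EXPECTED_SHA512
# (compared case-insensitively, so a pasted upper-case digest still matches);
# otherwise prints both digests to stderr and returns 1.
verify_archive() {
    archive="$1"
    expected=$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')
    if [ ! -f "$archive" ]; then
        echo "verify_archive: no such file: $archive" >&2
        return 1
    fi
    actual=$(sha512sum "$archive" | awk '{print $1}')
    if [ "$actual" = "$expected" ]; then
        echo "OK: $archive"
        return 0
    fi
    echo "MISMATCH: $archive" >&2
    echo "  expected: $expected" >&2
    echo "  actual:   $actual" >&2
    return 1
}

# Usage in the install procedure ($SHA512_FROM_DOWNLOAD_PAGE is a placeholder
# for the digest shown next to the download). Extracting into /opt is the
# same as the cp step above because the archive's top-level directory is splunk/.
#   verify_archive splunk-6.4.0-f2c836328108-linux-x86_64.tgz "$SHA512_FROM_DOWNLOAD_PAGE" \
#       && tar -xzf splunk-6.4.0-f2c836328108-linux-x86_64.tgz -C /opt \
#       && chown -R splunk: /opt/splunk
```

Run the check as root before the tar step; a mismatch means a corrupt or tampered download, so stop there rather than installing it.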
3. Installing Splunk
With the files in place, switch to the splunk user and run the start script. I am using the trial license, which is what a fresh install defaults to, so nothing has to be configured for licensing at this point.
[root@server1 tmp]# su - splunk
Last login: Fri Apr 08:14:12 UTC on pts/0
[splunk@server1 ~]$ cd bin/
[splunk@server1 bin]$ ./splunk start --accept-license

This appears to be your first time running this version of Splunk.
Copying '/opt/splunk/etc/openldap/ldap.conf.default' to '/opt/splunk/etc/openldap/ldap.conf'.
Generating RSA private key, 1024 bit long modulus
..++++++
..................++++++
e is 65537 (0x10001)
writing RSA key
Generating RSA private key, 1024 bit long modulus
................++++++
.++++++
e is 65537 (0x10001)
writing RSA key
Moving '/opt/splunk/share/splunk/search_mrsparkle/modules.new' to '/opt/splunk/share/splunk/search_mrsparkle/modules'.

Splunk> Australian for grep.

Checking prerequisites...
        Checking http port [8000]: open
        Checking mgmt port [8089]: open
        Checking appserver port [127.0.0.1:8065]: open
        Checking kvstore port [8191]: open
        Checking configuration...  Done.
                Creating: /opt/splunk/var/lib/splunk
                Creating: /opt/splunk/var/run/splunk
                Creating: /opt/splunk/var/run/splunk/appserver/i18n
                Creating: /opt/splunk/var/run/splunk/appserver/modules/static/css
                Creating: /opt/splunk/var/run/splunk/upload
                Creating: /opt/splunk/var/spool/splunk
                Creating: /opt/splunk/var/spool/dirmoncache
                Creating: /opt/splunk/var/lib/splunk/authDb
                Creating: /opt/splunk/var/lib/splunk/hashDb
        Checking critical directories...        Done
        Checking indexes...
                Validated: _audit _internal _introspection _thefishbucket history main summary
        Done
        New certs have been generated in '/opt/splunk/etc/auth'.
        Checking filesystem compatibility...  Done
        Checking conf files for problems...
        Done
        Checking default conf files for edits...
        Validating installed files against hashes from '/opt/splunk/splunk-6.4.0-f2c836328108-linux-2.6-x86_64-manifest'
        All installed files intact.
        Done
All preliminary checks passed.

Starting splunk server daemon (splunkd)...
Generating a 1024 bit RSA private key
.....................++++++
...........................++++++
writing new private key to 'privKeySecure.pem'
-----
Signature ok
subject=/CN=server1.centos7-test.com/O=SplunkUser
Getting CA Private Key
writing RSA key
Done
                                                           [  OK  ]

Waiting for web server at http://127.0.0.1:8000 to be available.... Done


If you get stuck, we're here to help.
Look for answers here: http://docs.splunk.com

The Splunk web interface is at http://server1.centos7-test.com:8000
Splunk Web is now reachable at http://IP:8000/ or http://hostname:8000/, provided port 8000 is open in the server's firewall (firewalld on CentOS 7). Open only what you need: port 8000 for the web interface, and preferably only from your management network. The management port 8089 that splunkd also listens on, shown in the startup output, should not be reachable from untrusted networks. Note too that the certificates written to /opt/splunk/etc/auth at first start are self-signed 1024-bit RSA defaults; they are fine for a test box, but replace them with your own before the instance handles anything you care about.
4. Configuring the Splunk Web interface
Splunk is installed and the service is running on my server. The next step is to log in to Splunk Web and set the administrator password that I will use from now on.
On your first visit, sign in with the default administrator credentials shown on the login page. Splunk then requires you to enter and confirm a new password before it lets you continue.
Once you sign in with the new password, the Splunk dashboard is ready to use.
The home page lists the available apps and data categories; pick one to start splunking.
5. Add a data input
Here is a simple example of adding a data input to Splunk; the screenshots show each step. My task is to have Splunk monitor the /var/log directory.
1. Open Splunk Web and, from the Settings menu, choose Add Data.
2. Our task is to monitor a directory on this server, so choose Monitor.
The Monitor option offers four kinds of input:
Files & Directories: read files and directories on this server
HTTP Event Collector: receive events that clients push over HTTP
TCP / UDP: listen on a network port for incoming data, such as syslog
Scripts: run a script and index its output
3. For our purpose, choose Files & Directories.
4. Enter the exact path of the directory on the server that you want to monitor, here /var/log.
5. You can now search the log files as they are indexed. Keep in mind that Splunk runs as the splunk user, so it can only index files that user is allowed to read: on CentOS 7, files such as /var/log/messages and /var/log/secure are readable only by root by default, and Splunk simply skips them until you grant read access (for example with an ACL via setfacl, and again for the new files that log rotation creates).
In the screenshot you can see the events from my server's logs indexed and searchable in the Search app.
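The same input can be configured without the wizard by writing a monitor stanza to inputs.conf, which is also what the wizard does behind the scenes. The script below is an added example, not code from the article or from Splunk: it assumes SPLUNK_HOME is /opt/splunk as in this article, appends the stanza to etc/system/local/inputs.conf without duplicating it, and lists the files under the directory that the current user cannot read, which is the usual reason /var/log produces no events when run as the splunk user.

```shell
#!/bin/sh
# Added example, not part of the original article: inputs.conf equivalent of
# the "Files & Directories" wizard, plus a readability check for the splunk
# user. SPLUNK_HOME defaults to /opt/splunk as in the article; override it to
# test against a scratch directory.
set -eu

SPLUNK_HOME="${SPLUNK_HOME:-/opt/splunk}"

# monitor_stanza DIR INDEX
# Print an inputs.conf stanza that monitors DIR recursively into INDEX.
monitor_stanza() {
    dir="$1"
    index="$2"
    printf '[monitor://%s]\n' "$dir"
    printf 'disabled = false\n'
    printf 'index = %s\n' "$index"
    printf 'recursive = true\n'
    # Skip rotated and compressed copies so each event is indexed only once.
    printf 'blacklist = \\.(gz|bz2|xz|[0-9]+)$\n'
    printf '\n'
}

# add_monitor DIR INDEX
# Append the stanza to $SPLUNK_HOME/etc/system/local/inputs.conf unless a
# stanza for DIR is already present; prints the path of the file it wrote to.
add_monitor() {
    dir="$1"
    index="$2"
    conf="$SPLUNK_HOME/etc/system/local/inputs.conf"
    mkdir -p "$(dirname "$conf")"
    touch "$conf"
    if grep -qxF "[monitor://$dir]" "$conf"; then
        echo "already monitored: $dir" >&2
        return 0
    fi
    monitor_stanza "$dir" "$index" >> "$conf"
    echo "$conf"
}

# unreadable_files DIR
# List regular files under DIR that the current user cannot read. Run this as
# the splunk user against /var/log: on CentOS 7, messages, secure and audit/
# are root-only by default, and Splunk indexes nothing from them until you
# grant read access.
unreadable_files() {
    find "$1" -type f 2>/dev/null | while IFS= read -r f; do
        [ -r "$f" ] || printf '%s\n' "$f"
    done
}
```

Typical use as the splunk user: `add_monitor /var/log main`, then `unreadable_files /var/log` to see what still needs permissions, then `/opt/splunk/bin/splunk restart` to pick up the new stanza and `/opt/splunk/bin/splunk list monitor` to confirm it is active.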
This is only a simple example; you can add as many inputs as you like and explore your server data from there. I hope this article is useful to you. Thank you for reading, and please leave your suggestions and comments. Now go and try Splunk!