Install Splunk in CentOS 7


Splunk is a powerful tool for exploring and searching machine data. It collects and indexes data streams in real time from applications, web servers, databases and server platforms, and lets you search and visualize the large data volumes produced by IT infrastructure, security systems and business applications, giving you insight into operational performance and business outcomes.

There are no strict prerequisites, but I recommend giving the server a proper hostname and domain name and completing the firewall and network configuration before installing. Splunk Enterprise supports only 64-bit server architectures. In this article I will show how to install Splunk Enterprise on a CentOS 7 server, step by step.

1. Create a Splunk user

Splunk recommends running the application as a dedicated, unprivileged user rather than as root. I create a splunk user whose home directory, /opt/splunk, will also be the installation directory.

[root@server1 tmp]# groupadd splunk
[root@server1 tmp]# useradd -d /opt/splunk -m -g splunk splunk
[root@server1 tmp]# su - splunk
[splunk@server1 ~]$ id
uid=1001(splunk) gid=1001(splunk) groups=1001(splunk)

Confirm the server architecture:

[splunk@server1 ~]$ getconf LONG_BIT
64

2. Download and unzip the Splunk Enterprise Edition

Download the Splunk Enterprise tarball from the official Splunk website; you need to create an account there first.

Extract the tarball and copy its contents into the application directory /opt/splunk created in the previous step, then give the splunk user ownership of everything under it.

[root@server1 tmp]# tar -xvf splunk-6.4.0-f2c836328108-Linux-x86_64.tgz
[root@server1 tmp]# cp -rp splunk/* /opt/splunk/
[root@server1 tmp]# chown -R splunk: /opt/splunk/

3. Install Splunk

With the files in place, switch to the splunk user and start Splunk for the first time. The --accept-license flag accepts the license agreement non-interactively; I use the trial license, which is the default.

[root@server1 tmp]# su - splunk
Last login: Fri Apr 29 08:14:12 UTC 2016 on pts/0
[splunk@server1 ~]$ cd bin/
[splunk@server1 bin]$ ./splunk start --accept-license

This appears to be your first time running this version of Splunk.
Copying '/opt/splunk/etc/openldap/ldap.conf.default' to '/opt/splunk/etc/openldap/ldap.conf'.
Generating RSA private key, 1024 bit long modulus
.++++++
..................++++++
e is 65537 (0x10001)
writing RSA key
Generating RSA private key, 1024 bit long modulus
................++++++
..++++++
e is 65537 (0x10001)
writing RSA key
Moving '/opt/splunk/share/splunk/search_mrsparkle/modules.new' to '/opt/splunk/share/splunk/search_mrsparkle/modules'.

Splunk> Australian for grep.

Checking prerequisites...
        Checking http port [8000]: open
        Checking mgmt port [8089]: open
        Checking appserver port [127.0.0.1:8065]: open
        Checking kvstore port [8191]: open
        Checking configuration...  Done.
                Creating: /opt/splunk/var/lib/splunk
                Creating: /opt/splunk/var/run/splunk
                Creating: /opt/splunk/var/run/splunk/appserver/i18n
                Creating: /opt/splunk/var/run/splunk/appserver/modules/static/css
                Creating: /opt/splunk/var/run/splunk/upload
                Creating: /opt/splunk/var/spool/splunk
                Creating: /opt/splunk/var/spool/dirmoncache
                Creating: /opt/splunk/var/lib/splunk/authDb
                Creating: /opt/splunk/var/lib/splunk/hashDb
        Checking critical directories...        Done
        Checking indexes...
                Validated: _audit _internal _introspection _thefishbucket history main summary
        Done
        New certs have been generated in '/opt/splunk/etc/auth'.
        Checking filesystem compatibility...  Done
        Checking conf files for problems...
        Done
        Checking default conf files for edits...
        Validating installed files against hashes from '/opt/splunk/splunk-6.4.0-f2c836328108-linux-2.6-x86_64-manifest'
        All installed files intact.
        Done
All preliminary checks passed.

Starting splunk server daemon (splunkd)...
Generating a 1024 bit RSA private key
.....................++++++
...........................++++++
writing new private key to 'privKeySecure.pem'
-----
Signature ok
subject=/CN=server1.centos7-test.com/O=SplunkUser
Getting CA Private Key
writing RSA key
Done
                                                           [  OK  ]

Waiting for web server at http://127.0.0.1:8000 to be available.... Done

If you get stuck, we're here to help.
Look for answers here: http://docs.splunk.com

The Splunk web interface is at http://server1.centos7-test.com:8000

Now you can open the Splunk Web interface at http://IP:8000/ or http://hostname:8000/. Make sure port 8000 is open in your server firewall. Two things in the startup output deserve attention before you expose the server beyond a trusted network: the management port 8089 (Splunk's REST API) is also listening, so restrict it to the hosts that need it, and the certificates Splunk just generated in /opt/splunk/etc/auth are self-signed with 1024-bit RSA keys, so replace them with your own before relying on them, and note that the web interface itself is served over plain HTTP by default.
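The procedure from sections 1 to 3, as an added example script that is not part of the original article or of Splunk's own tooling. Beyond the steps shown above it verifies the download against its published SHA-512 checksum before extracting it, extracts straight into /opt (the tarball unpacks into a top-level splunk/ directory, so the cp step is unnecessary), and opens only port 8000 while leaving 8089 closed. It assumes the checksum file is named <tarball>.sha512 (the naming of Splunk's published checksum file is an assumption here), that firewalld is in use as on a stock CentOS 7 host, and that the tarball is the one named above.

```shell
#!/bin/bash
# Added example, not from the original article: sections 1-3 as a script with
# the checks a careful operator adds. Run as root:
#   ./install_splunk.sh install splunk-6.4.0-f2c836328108-Linux-x86_64.tgz
set -eu

SPLUNK_HOME=/opt/splunk

# Succeeds only on a 64-bit word size. Takes the value as an argument so it can
# be checked without running on the target host (defaults to the live value).
check_arch() {
    local bits="${1:-$(getconf LONG_BIT)}"
    [ "$bits" = "64" ]
}

# Compares the SHA-512 of the tarball ($1) with the first field of the checksum
# file ($2). Fails on mismatch so a tampered or truncated download is never
# extracted or started. The checksum file name/format is an assumption.
verify_checksum() {
    local tarball="$1" sumfile="$2"
    local expected actual
    expected=$(awk 'NR==1 {print $1}' "$sumfile")
    actual=$(sha512sum "$tarball" | awk '{print $1}')
    [ -n "$expected" ] && [ "$expected" = "$actual" ]
}

# Full install: install_splunk <tarball> [<checksum file>]
install_splunk() {
    local tarball="$1" sumfile="${2:-$1.sha512}"
    check_arch || { echo "Splunk Enterprise needs a 64-bit host" >&2; return 1; }
    verify_checksum "$tarball" "$sumfile" || { echo "checksum mismatch for $tarball" >&2; return 1; }

    # Dedicated unprivileged user whose home is the install directory (section 1).
    getent group splunk >/dev/null || groupadd splunk
    id splunk >/dev/null 2>&1 || useradd -d "$SPLUNK_HOME" -m -g splunk splunk

    # The archive contains a top-level "splunk/" directory, so -C /opt lands the
    # files in /opt/splunk directly (section 2 without the cp step).
    tar -xzf "$tarball" -C /opt
    chown -R splunk: "$SPLUNK_HOME"

    # First start as the splunk user; --accept-license skips the prompt (section 3).
    su - splunk -c "$SPLUNK_HOME/bin/splunk start --accept-license"

    # Expose the web UI only; the management port 8089 stays closed.
    if command -v firewall-cmd >/dev/null 2>&1; then
        firewall-cmd --permanent --add-port=8000/tcp
        firewall-cmd --reload
    fi
}

# Nothing runs unless the script is invoked with the "install" subcommand.
case "${1:-}" in
    install) shift; install_splunk "$@" ;;
esac
```

Download the .sha512 file over HTTPS from the same page as the tarball and keep both in the working directory; the script refuses to go further than the checksum step if the two disagree.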

4. Configure the Splunk Web Interface

Splunk is installed and the service is running on my server. Next I need to set up the Splunk Web interface and sign in as the administrator.

When you open the Splunk interface for the first time, sign in with the default administrator credentials shown on the login page (admin / changeme in this version). After you log in, the next page requires you to set and confirm a new password. Do this before port 8000 is reachable from untrusted networks, since the default credentials are public.

You have now set a new administrator password. Log in again with it and you have a ready-to-use Splunk dashboard.

The home page lists the available apps and data categories; pick one to start splunking.

5. Add a task

As a simple example task, I will add the /var/log directory to Splunk for monitoring. The original article illustrates each step with screenshots; the steps are:

1. Open the Splunk Web interface and choose Settings > Add Data.

2. Our task is to monitor a directory, so choose Monitor.

The Monitor option offers four categories:

Files & Directories: monitor files and folders

HTTP Event Collector: receive events sent over HTTP

TCP/UDP: listen for data on a network port

Scripts: run a script and index its output

3. For our purpose, select Files & Directories.

4. Enter the exact path of the directory on the server to be monitored, here /var/log, and complete the wizard.

5. Now you can start searching the log files you added.

In the search app you can see the events from /var/log being indexed.
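The same /var/log input created from the command line instead of the Add Data wizard, as an added example that is not from the original article. It also does the permission fix the wizard does not do for you: on a stock CentOS 7 host the most useful files, /var/log/messages and /var/log/secure, are root:root mode 0600, so a Splunk running as the unprivileged splunk user cannot read them until it is granted access. A read-only POSIX ACL does that without running Splunk as root (this needs setfacl from the acl package). The inputs.conf keys used (monitor://, disabled, index, recursive, blacklist) are standard Splunk settings; the blacklist pattern, the choice of the search app's local directory and the script's subcommand names are this example's assumptions.

```shell
#!/bin/bash
# Added example, not from the original article: the /var/log monitor input as
# an inputs.conf stanza plus the read-access fix for root-only log files.
#   as root:         ./monitor_var_log.sh grant /var/log/messages /var/log/secure
#   as user splunk:  ./monitor_var_log.sh add /var/log main
set -eu

SPLUNK_HOME=/opt/splunk

# Prints an inputs.conf monitor stanza. Parameters: absolute directory, index
# (default main), blacklist regex (default: rotated archives and the binary
# login records wtmp/btmp/lastlog, which Splunk cannot usefully index).
monitor_stanza() {
    local dir="$1" index="${2:-main}"
    local default_bl='\.(gz|bz2|xz|zip)$|/(wtmp|btmp|lastlog)$'
    local blacklist="${3:-$default_bl}"
    case "$dir" in
        /*) ;;
        *) echo "monitor path must be absolute: $dir" >&2; return 1 ;;
    esac
    printf '[monitor://%s]\n' "$dir"
    printf 'disabled = false\n'
    printf 'index = %s\n' "$index"
    printf 'recursive = true\n'
    printf 'blacklist = %s\n' "$blacklist"
}

# Appends the stanza to the search app's local inputs.conf and restarts Splunk
# so the new input is picked up. Run as the splunk user.
add_monitor() {
    local conf="$SPLUNK_HOME/etc/apps/search/local/inputs.conf"
    mkdir -p "$(dirname "$conf")"
    monitor_stanza "$@" >> "$conf"
    "$SPLUNK_HOME/bin/splunk" restart
}

# Grants a user read access to the given files via an ACL, leaving owner and
# mode untouched. Run as root. logrotate creates fresh files without the ACL,
# so re-run this from a logrotate postrotate script or a cron job.
grant_read() {
    local user="$1"; shift
    setfacl -m "u:$user:r" "$@"
}

# Nothing runs unless a subcommand is given.
case "${1:-}" in
    add)   shift; add_monitor "$@" ;;
    grant) shift; grant_read splunk "$@" ;;
esac
```

Granting read access to individual files rather than loosening the mode of /var/log keeps the logs unreadable to every other local user, which is the reason the files are 0600 in the first place; /var/log itself is 0755, so the splunk user can already traverse it.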

This is just a simple example of Splunking; you can add as many inputs as you need to view your server data. I hope you find this article useful. Thank you for reading, and please leave your suggestions and comments. Give Splunk a try!

Original article: http://linoxide.com/monitoring-2/install-splunk-centos-7/ (translation: Feng Zhenhua)

Address: http://www.linuxprobe.com/centos7-install-splunk.html

