The splunk big data log analysis system remotely obtains log data.

1.SplunkReceiver Enabled

In the splunk Server installation directory, run./splunk enable listen 9997-auth <username >:< password>

Username: splunk Web login username by default

Password: splunk Web login password by default

./Splunk enable listen 9997-auth admin: changme

2.SplunkForwarder Installation(LinuxInstall,WindowsNext step)

Http://www.splunk.com/download/universalforwarderdownload the corresponding Forwarder

Rpm-IVH splunkforwarder-6.1.3-220630-linux-2.6-x86_64.rpm

CD/opt/splunkforwarder/bin

# Start splunk

./Splunk start

# Self-starting splunk

./Splunk enable boot-start

# Confirm that the forwarder is connected to the receiver

./Splunk add forward-server 192.168.160.98: 9997

# View the list of available splunk Receivers

./Splunk list forward-Server

# Enable the forwarder to collect/var/log/varnish logs

./Splunk add Monitor/var/log/Varnish

# Specify a fixed index to collect logs. You must create an index varnish on the splunk server in advance.

./Splunk add Monitor/var/log/Varnish-index Varnish

# This is basically OK, but it is very troublesome to extract fields. Therefore, we need to specify a fixed name for sourcetype to facilitate searching.

CD/opt/splunkforwarder/etc/apps/search/local

Vim inputs. conf

Sourcetype = Varnish

/Opt/splunkforwarder/bin/splunk restart

3.SplunkStatement search

# If you are using a custom index, you must specify the index during the search.

Index = "varnish" sourcetype = "varnish"

OK, then we can extract fields for sourcetype = "varnish.

Splunk CONF file can be referred to: http://docs.splunk.com/Documentation/Splunk/latest/Admin/Serverconf

This article from the "Linux O & M" blog, please be sure to keep this source http://utrace.blog.51cto.com/2213120/1548265

The splunk big data log analysis system remotely obtains log data.