1. Enable the Splunk receiver
In the Splunk server installation directory, run ./splunk enable listen 9997 -auth <username>:<password>
Username: by default, the Splunk Web login username
Password: by default, the Splunk Web login password
./splunk enable listen 9997 -auth admin:changeme
2. Install the Splunk forwarder (Linux install; on Windows, just click Next)
Download the corresponding forwarder from http://www.splunk.com/download/universalforwarder
rpm -ivh splunkforwarder-6.1.3-220630-linux-2.6-x86_64.rpm
cd /opt/splunkforwarder/bin
# Start Splunk
./splunk start
# Start Splunk automatically at boot
./splunk enable boot-start
# Point the forwarder at the receiver
./splunk add forward-server 192.168.160.98:9997
# List the configured Splunk receivers
./splunk list forward-server
# Have the forwarder collect the logs in /var/log/varnish
./splunk add monitor /var/log/varnish
# Send the logs to a fixed index. The index varnish must be created on the Splunk server in advance.
./splunk add monitor /var/log/varnish -index varnish
# This basically works, but extracting fields is troublesome. Therefore, specify a fixed sourcetype name to make searching easier.
cd /opt/splunkforwarder/etc/apps/search/local
vim inputs.conf
sourcetype = varnish
/opt/splunkforwarder/bin/splunk restart
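The following is an added example, not part of the original article: a shell function that checks a forwarder's inputs.conf for monitor stanzas that do not set index or sourcetype, the two settings configured in the steps above. The function names and the sample file are constructed for illustration.

```shell
# Added example: audit a forwarder inputs.conf (function names and sample are assumptions).
# Reports each [monitor://...] stanza that does not set index or sourcetype itself.
# Values inherited from a [default] stanza are not considered.
# Usage: audit_inputs_conf /opt/splunkforwarder/etc/apps/search/local/inputs.conf
audit_inputs_conf() {
    awk '
        function report(   missing) {
            if (stanza == "" || (has_index && has_st)) return
            if (!has_index) missing = "index"
            if (!has_st) missing = (missing == "" ? "" : missing ",") "sourcetype"
            print stanza " missing=" missing
        }
        /^[ \t]*#/ { next }                      # comment line
        /^[ \t]*$/ { next }                      # blank line
        /^[ \t]*\[/ {                            # stanza header
            report()
            stanza = ""; has_index = 0; has_st = 0
            if ($0 ~ /^[ \t]*\[monitor:\/\//) {
                stanza = $0
                sub(/^[ \t]*\[monitor:\/\//, "", stanza)
                sub(/\][ \t]*$/, "", stanza)
            }
            next
        }
        stanza != "" {                           # key = value inside a monitor stanza
            key = $0
            sub(/[ \t]*=.*/, "", key)
            sub(/^[ \t]+/, "", key)
            if (key == "index") has_index = 1
            if (key == "sourcetype") has_st = 1
        }
        END { report() }
    ' "$1"
}

# Constructed sample, not taken from a real host.
sample_inputs_conf() {
    cat <<'EOF'
[default]
host = web01

[monitor:///var/log/varnish]
index = varnish
sourcetype = varnish

[monitor:///var/log/messages]
disabled = false

[monitor:///var/log/secure]
index = os
EOF
}
```

A stanza reported here would send its events to the default index, or with an automatically assigned sourcetype, so the search in step 3 would not find them.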
3. Splunk search statement
# If you are using a custom index, you must specify the index in the search.
index="varnish" sourcetype="varnish"
OK, then we can extract fields for sourcetype="varnish".
For the Splunk .conf files, see: http://docs.splunk.com/Documentation/Splunk/latest/Admin/Serverconf
This article is from the "Linux O&M" blog; please be sure to keep this source: http://utrace.blog.51cto.com/2213120/1548265
Splunk big data log analysis system: obtaining log data remotely.