Splunk Tutorial: Install & Configure Splunk Server (Indexer + Search Head + Universal forwarder)


Setup Splunk (Indexer + Search Head) [LICENSE SERVER]
========================================================
$ sudo -s
$ cd /opt
$ wget -O splunk-8.0.4.1-ab7a85abaa98-Linux-x86_64.tgz 'https://www.splunk.com/bin/splunk/DownloadActivityServlet?architecture=x86_64&platform=linux&version=8.0.4.1&product=splunk&filename=splunk-8.0.4.1-ab7a85abaa98-Linux-x86_64.tgz&wget=true'
$ tar -zxvf splunk-8.0.4.1-ab7a85abaa98-Linux-x86_64.tgz
$ cd splunk
$ cd bin
$ ./splunk start --accept-license 
Splunk Web: http://15.206.149.89:8000/
Login (admin credentials chosen at the first-start prompt): admin/admin123

--------------
1. Settings => Monitoring console => Settings => Forwarder Monitoring Setup => Forwarder Monitoring (ENABLE with 15 mins)
2. Settings => Forwarding and Receiving => Receive data => Add New => Listen on this port (for example, 9997 will receive data on TCP port 9997)
3. Restart the Splunk instance
Settings => Server Controls => Restart Splunk

Setup universal forwarder
========================================================
$ sudo -s
$ cd /opt
$ wget -O splunkforwarder-8.0.4-767223ac207f-Linux-x86_64.tgz 'https://www.splunk.com/bin/splunk/DownloadActivityServlet?architecture=x86_64&platform=linux&version=8.0.4&product=universalforwarder&filename=splunkforwarder-8.0.4-767223ac207f-Linux-x86_64.tgz&wget=true'
$ tar -zxvf splunkforwarder-8.0.4-767223ac207f-Linux-x86_64.tgz
$ cd splunkforwarder

# Create this file with some STRUCTURED Content
vi /opt/unitest.csv

name,age,city,skill
devopsschool1,22,hyd1,devops1
devopsschool2,23,hyd2,devops2
devopsschool3,24,hyd3,devops3
devopsschool4,25,hyd4,devops4

Setting up outputs.conf
$ ./bin/splunk add forward-server 15.206.149.89:9997 --accept-license 
$ ./bin/splunk list forward-server

Setting up inputs.conf
$ ./bin/splunk list monitor 
$ ./bin/splunk add monitor /opt/unitest.csv
$ ./bin/splunk add monitor /var/log
$ ./bin/splunk list forward-server


$ ./bin/splunk restart
$ ps -eaf | grep splunk
$ ./bin/splunk list forward-server
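
To make the final `list forward-server` step checkable, here is an added example (not part of the original tutorial) that reads that command's output and reports whether the receiver is connected. The function names are hypothetical, and the "Active forwards" / "Configured but inactive forwards" headings in the constructed samples are assumed to match the CLI output of your version.

```shell
#!/bin/sh
# Added example: classify a receiver from `splunk list forward-server` output.
# The samples below are constructed, not captured from a real forwarder.
sample_active=$(printf 'Active forwards:\n\t15.206.149.89:9997\nConfigured but inactive forwards:\n\tNone')
sample_inactive=$(printf 'Active forwards:\n\tNone\nConfigured but inactive forwards:\n\t15.206.149.89:9997')

# forward_state HOST:PORT   (CLI output on stdin)
# Prints one of: active | inactive | missing
forward_state() {
  awk -v target="$1" '
    /^Active forwards:/                  { section = "active";   next }
    /^Configured but inactive forwards:/ { section = "inactive"; next }
    {
      gsub(/^[ \t]+|[ \t]+$/, "")          # strip the indentation around entries
      if ($0 == target && found == "") found = section
    }
    END { print (found == "" ? "missing" : found) }
  '
}

# require_active HOST:PORT: exit status 0 only when the receiver is connected.
require_active() {
  [ "$(forward_state "$1")" = "active" ]
}

# Demo on the constructed samples.
for s in "$sample_active" "$sample_inactive"; do
  printf '%s\n' "$s" | forward_state 15.206.149.89:9997
done
```

On the forwarder, pipe the real output in: `./bin/splunk list forward-server | require_active 15.206.149.89:9997 || echo "receiver not connected"`. A result of `inactive` means the forwarder is configured but has no open connection to the receiving port.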