Splunk Tutorial: Install & Configure Splunk Server (Indexer + Search Head + Universal forwarder)

Turn Your Vehicle Into a Smart Earning Asset

While you’re not driving your car or bike, it can still be working for you. MOTOSHARE helps you earn passive income by connecting your vehicle with trusted renters in your city.

🚗 You set the rental price
🔐 Secure bookings with verified renters
📍 Track your vehicle with GPS integration
💰 Start earning within 48 hours

It’s simple, safe, and rewarding. Your vehicle. Your rules. Your earnings.

Setup Splunk(Indexer + Search Head) [LICENSE SERVER ]
========================================================
$ sudo-s
$ cd /opt
$ wget -O splunk-8.0.4.1-ab7a85abaa98-Linux-x86_64.tgz 'https://www.splunk.com/bin/splunk/DownloadActivityServlet?architecture=x86_64&platform=linux&version=8.0.4.1&product=splunk&filename=splunk-8.0.4.1-ab7a85abaa98-Linux-x86_64.tgz&wget=true'
$ tar -zxvf splunk-8.0.4.1-ab7a85abaa98-Linux-x86_64.tgz
$ cd splunk
$ cd bin
$ ./splunk start --accept-license 
http://15.206.149.89:8000/
admin/admin123

--------------
1. Settings => Monitoring console => Setting => Forwarder Monitoring Setup => Forwarder Monitoring (ENABLE with 15 mins)
2. Settings => Forwarding and Recieving => Receive data => Add New ==> Listen on this port (For example, 9997 will receive data on TCP port 9997)
3. Restart a Splunk Instance
Settings => Server Controls => Restart Splunk

Setup universal forwarder
========================================================
$ sudo-s
$ cd /opt
$ wget -O splunkforwarder-8.0.4-767223ac207f-Linux-x86_64.tgz 'https://www.splunk.com/bin/splunk/DownloadActivityServlet?architecture=x86_64&platform=linux&version=8.0.4&product=universalforwarder&filename=splunkforwarder-8.0.4-767223ac207f-Linux-x86_64.tgz&wget=true'
$ tar -zxvf splunkforwarder-8.0.4-767223ac207f-Linux-x86_64.tgz
$ cd splunkforwarder

# Create this file with some STRUCTURED Content
vi /opt/unitest.csv

name,age,city,skill
devopsschool1,22,hyd1,devops1
devopsschool2,23,hyd2,devops2
devopsschool3,24,hyd3,devops3
devopsschool4,25,hyd4,devops4

Setting up output.conf
$ ./bin/splunk add forward-server 15.206.149.89:9997 --accept-license 
$ ./bin/splunk list forward-server

Setting up input.conf
$ ./bin/splunk list monitor 
$ ./bin/splunk add monitor /opt/unitest.csv
$ ./bin/splunk add monitor /var/log
$ ./bin/splunk list forward-server


$ ./bin/splunk restart
$ ps -eaf | grep splunk
$ ./bin/splunk list forward-server
Code language: PHP (php)

Rajesh Kumar

I’m a DevOps/SRE/DevSecOps/Cloud Expert passionate about sharing knowledge and experiences. I have worked at Cotocus. I share tech blog at DevOps School, travel stories at Holiday Landmark, stock market tips at Stocks Mantra, health and fitness guidance at My Medic Plus, product reviews at TrueReviewNow , and SEO strategies at Wizbrand.

Do you want to learn Quantum Computing?

Please find my social handles as below;

Rajesh Kumar Personal Website
Rajesh Kumar at YOUTUBE
Rajesh Kumar at INSTAGRAM
Rajesh Kumar at X
Rajesh Kumar at FACEBOOK
Rajesh Kumar at LINKEDIN
Rajesh Kumar at WIZBRAND

Certification Courses

DevOpsSchool has introduced a series of professional certification courses designed to enhance your skills and expertise in cutting-edge technologies and methodologies. Whether you are aiming to excel in development, security, or operations, these certifications provide a comprehensive learning experience. Explore the following programs: