Setup Splunk(Indexer + Search Head) [LICENSE SERVER ]
========================================================
$ sudo-s
$ cd /opt
$ wget -O splunk-8.0.4.1-ab7a85abaa98-Linux-x86_64.tgz 'https://www.splunk.com/bin/splunk/DownloadActivityServlet?architecture=x86_64&platform=linux&version=8.0.4.1&product=splunk&filename=splunk-8.0.4.1-ab7a85abaa98-Linux-x86_64.tgz&wget=true'
$ tar -zxvf splunk-8.0.4.1-ab7a85abaa98-Linux-x86_64.tgz
$ cd splunk
$ cd bin
$ ./splunk start --accept-license
http://15.206.149.89:8000/
admin/admin123
--------------
1. Settings => Monitoring console => Setting => Forwarder Monitoring Setup => Forwarder Monitoring (ENABLE with 15 mins)
2. Settings => Forwarding and Recieving => Receive data => Add New ==> Listen on this port (For example, 9997 will receive data on TCP port 9997)
3. Restart a Splunk Instance
Settings => Server Controls => Restart Splunk
Setup universal forwarder
========================================================
$ sudo-s
$ cd /opt
$ wget -O splunkforwarder-8.0.4-767223ac207f-Linux-x86_64.tgz 'https://www.splunk.com/bin/splunk/DownloadActivityServlet?architecture=x86_64&platform=linux&version=8.0.4&product=universalforwarder&filename=splunkforwarder-8.0.4-767223ac207f-Linux-x86_64.tgz&wget=true'
$ tar -zxvf splunkforwarder-8.0.4-767223ac207f-Linux-x86_64.tgz
$ cd splunkforwarder
# Create this file with some STRUCTURED Content
vi /opt/unitest.csv
name,age,city,skill
devopsschool1,22,hyd1,devops1
devopsschool2,23,hyd2,devops2
devopsschool3,24,hyd3,devops3
devopsschool4,25,hyd4,devops4
Setting up output.conf
$ ./bin/splunk add forward-server 15.206.149.89:9997 --accept-license
$ ./bin/splunk list forward-server
Setting up input.conf
$ ./bin/splunk list monitor
$ ./bin/splunk add monitor /opt/unitest.csv
$ ./bin/splunk add monitor /var/log
$ ./bin/splunk list forward-server
$ ./bin/splunk restart
$ ps -eaf | grep splunk
$ ./bin/splunk list forward-server
Code language: PHP (php)
I’m a DevOps/SRE/DevSecOps/Cloud Expert passionate about sharing knowledge and experiences. I have worked at Cotocus. I share tech blog at DevOps School, travel stories at Holiday Landmark, stock market tips at Stocks Mantra, health and fitness guidance at My Medic Plus, product reviews at TrueReviewNow , and SEO strategies at Wizbrand.
Do you want to learn Quantum Computing?
Please find my social handles as below;
Rajesh Kumar Personal Website
Rajesh Kumar at YOUTUBE
Rajesh Kumar at INSTAGRAM
Rajesh Kumar at X
Rajesh Kumar at FACEBOOK
Rajesh Kumar at LINKEDIN
Rajesh Kumar at WIZBRAND
Find Trusted Cardiac Hospitals
Compare heart hospitals by city and services — all in one place.
Explore Hospitals