{"id":30449,"date":"2022-06-27T12:26:39","date_gmt":"2022-06-27T12:26:39","guid":{"rendered":"https:\/\/www.devopsschool.com\/blog\/?p=30449"},"modified":"2022-12-23T05:52:33","modified_gmt":"2022-12-23T05:52:33","slug":"splunk-tutorial-setup-splunk-server-indexer-search-head-universal-forwarder","status":"publish","type":"post","link":"https:\/\/www.devopsschool.com\/blog\/splunk-tutorial-setup-splunk-server-indexer-search-head-universal-forwarder\/","title":{"rendered":"Splunk Tutorial: Install & Configure Splunk Server (Indexer + Search Head + Universal forwarder)"},"content":{"rendered":"\n
\n\n\n
Setup Splunk(Indexer + Search Head) [LICENSE SERVER ]\n========================================================\n$ sudo-s\n$ cd \/opt\n$ wget -O splunk-8.0<\/span>.4<\/span>.1<\/span>-ab7a85abaa98-Linux-x86_64.tgz 'https:\/\/www.splunk.com\/bin\/splunk\/DownloadActivityServlet?architecture=x86_64&platform=linux&version=8.0.4.1&product=splunk&filename=splunk-8.0.4.1-ab7a85abaa98-Linux-x86_64.tgz&wget=true'<\/span>\n$ tar -zxvf splunk-8.0<\/span>.4<\/span>.1<\/span>-ab7a85abaa98-Linux-x86_64.tgz\n$ cd splunk\n$ cd bin\n$ .\/splunk start --accept-license \nhttp:\/\/15.206.149.89:8000\/<\/span>\nadmin\/admin123\n\n--------------\n1.<\/span> Settings => Monitoring console => Setting => Forwarder Monitoring Setup => Forwarder Monitoring (ENABLE with 15<\/span> mins)\n2.<\/span> Settings => Forwarding and<\/span> Recieving => Receive data => Add New<\/span> ==> Listen on this port (For<\/span> example, 9997<\/span> will receive data on TCP port 9997<\/span>)\n3.<\/span> Restart a Splunk Instance\nSettings => Server Controls => Restart Splunk\n\nSetup universal forwarder\n========================================================\n$ sudo-s\n$ cd \/opt\n$ wget -O splunkforwarder-8.0<\/span>.4<\/span>-767223<\/span>ac207f-Linux-x86_64.tgz 'https:\/\/www.splunk.com\/bin\/splunk\/DownloadActivityServlet?architecture=x86_64&platform=linux&version=8.0.4&product=universalforwarder&filename=splunkforwarder-8.0.4-767223ac207f-Linux-x86_64.tgz&wget=true'<\/span>\n$ tar -zxvf splunkforwarder-8.0<\/span>.4<\/span>-767223<\/span>ac207f-Linux-x86_64.tgz\n$ cd splunkforwarder\n\n# Create this file with some STRUCTURED Content<\/span>\nvi \/opt\/unitest.csv\n\nname,age,city,skill\ndevopsschool1,22<\/span>,hyd1,devops1\ndevopsschool2,23<\/span>,hyd2,devops2\ndevopsschool3,24<\/span>,hyd3,devops3\ndevopsschool4,25<\/span>,hyd4,devops4\n\nSetting up output.conf\n$ .\/bin\/splunk add forward-server 15.206<\/span>.149<\/span>.89<\/span>:9997<\/span> --accept-license \n$ .\/bin\/splunk list<\/span> forward-server\n\nSetting up input.conf\n$ .\/bin\/splunk list<\/span> monitor \n$ .\/bin\/splunk add monitor \/opt\/unitest.csv\n$ .\/bin\/splunk add monitor \/var<\/span>\/log\n$ .\/bin\/splunk list<\/span> forward-server\n\n\n$ .\/bin\/splunk restart\n$ ps -eaf | grep splunk\n$ .\/bin\/splunk list<\/span> forward-server\n<\/code><\/span>Code language:<\/span> PHP<\/span> (<\/span>php<\/span>)<\/span><\/small><\/pre>","protected":false},"excerpt":{"rendered":"","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_kad_post_transparent":"","_kad_post_title":"","_kad_post_layout":"","_kad_post_sidebar_id":"","_kad_post_content_style":"","_kad_post_vertical_padding":"","_kad_post_feature":"","_kad_post_feature_position":"","_kad_post_header":false,"_kad_post_footer":false,"_kad_post_classname":"","_joinchat":[],"footnotes":""},"categories":[2],"tags":[],"class_list":["post-30449","post","type-post","status-publish","format-standard","hentry","category-uncategorised"],"_links":{"self":[{"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/posts\/30449","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/comments?post=30449"}],"version-history":[{"count":2,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/posts\/30449\/revisions"}],"predecessor-version":[{"id":30458,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/posts\/30449\/revisions\/30458"}],"wp:attachment":[{"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/media?parent=30449"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/categories?post=30449"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/tags?post=30449"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}