Set up Splunk on linux
Source: Internet  Posted: dbxpa处理器的软件  Editor: 程序博客网  Date: 2024/05/16 17:41
0. Download the Splunk install package:
http://www.splunk.com/download/splunk-6.1.2-213098-linux-2.6-x86_64.rpm
1. Install Splunk Enterprise from the rpm:
rpm -i splunk-6.1.2-213098-linux-2.6-x86_64.rpm
2. Start Splunk:
cd /opt/splunk/bin
./splunk start --accept-license
./splunk enable boot-start -user root
3. Install the universal forwarder from the rpm:
rpm -i splunkforwarder-6.1.2-213098-linux-2.6-x86_64.rpm
4. Start the Splunk forwarder:
cd /opt/splunkforwarder/bin
./splunk start --accept-license
./splunk enable boot-start -user root
5. Change the forwarder admin password (the default login is admin:changeme; in this example the new password is forwardme):
cd /opt/splunkforwarder/bin
./splunk edit user admin -password <new password> -role admin -auth admin:changeme
6. Configure the universal forwarder to act as a deployment client:
./splunk set deploy-poll 127.0.0.1:8089
7. Configure the universal forwarder to forward to a specific receiving indexer:
./splunk add forward-server 127.0.0.1:9997 -auth admin:forwardme
8. Configure the forwarder's inputs.conf:
cd /opt/splunkforwarder/etc/system/local
gedit inputs.conf
[monitor://<the directory you would like to monitor>]   # my sample: /home/aimqa/Desktop/SG_JobsResults
disabled=false
sourcetype=<the sourcetype name that you need to set up on the server>   # my sample: sg_production
9. Additional setting:
If you want to clone your data to a second server as well as the first, you can do so by editing outputs.conf:
cd /opt/splunkforwarder/etc/system/local
gedit outputs.conf
Before editing, outputs.conf should look like this:
[tcpout]
defaultGroup=<target_group>

[tcpout:<target_group>]
server=<receiving_server1>:<port>
<attribute1> = <val1>
<attribute2> = <val2>
To set up data cloning, modify outputs.conf so that defaultGroup lists two target groups (the forwarder sends a copy of each event to every group named there):
[tcpout]
defaultGroup=<target_group1>,<target_group2>

[tcpout:<target_group1>]
server=<receiving_server1>:<port>

[tcpout:<target_group2>]
server=<receiving_server2>:<port>
10. Add more monitor directories, assigning them to different sourcetypes:
cd /opt/splunkforwarder/etc/system/local
gedit inputs.conf
Add another stanza:
[monitor://<the directory you would like to monitor>]   # my sample: /home/aimqa/Desktop/SG_JobsResults
11. Now you can set up a data collector to grab the data you want to monitor and drop it into the monitor directory, so that the data is forwarded to the server for deeper searching.
I used crontab on Linux to repeat the query and populate the monitor directory:
/sbin/service crond stop
crontab -e
0 * * * * /bin/sh <your bash file .sh>
Before starting the hourly update, I queried all historical data and forwarded it to the server; then I started crond to query the data once an hour, on the hour.
/sbin/service crond start
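As an added example (not part of the original post), the script below parses inputs.conf and outputs.conf in the stanza format used in steps 8 to 10 and flags the mistakes this setup is prone to: a defaultGroup naming a tcpout group that was never defined (so one clone destination silently gets nothing), a server entry without a port, a disabled monitor stanza, and a monitor stanza with no sourcetype. The conf text is constructed here and reuses the guide's sample values; the second monitor path and the 10.0.0.2 indexer are assumptions.

```python
import configparser  # Splunk .conf files are INI-style stanzas

# Constructed sample confs mirroring steps 8 and 9 of the guide.
OUTPUTS_CONF = """[tcpout]
defaultGroup=primary,clone
[tcpout:primary]
server=127.0.0.1:9997
[tcpout:clone]
server=10.0.0.2:9997
"""
INPUTS_CONF = """[monitor:///home/aimqa/Desktop/SG_JobsResults]
disabled=false
sourcetype=sg_production
[monitor:///var/log/nginx]
disabled=false
"""

def parse_conf(text):
    """Parse Splunk .conf text into {stanza: {key: value}}."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.optionxform = str  # keep key case: 'defaultGroup' must not become 'defaultgroup'
    cp.read_string(text)
    return {s: dict(cp[s]) for s in cp.sections()}

def check_outputs(conf):
    """Return problems that would stop forwarding or cloning from working."""
    groups = [s.split(":", 1)[1] for s in conf if s.startswith("tcpout:")]
    default = conf.get("tcpout", {}).get("defaultGroup", "")
    wanted = [x.strip() for x in default.split(",") if x.strip()]
    problems = [] if wanted else ["[tcpout] has no defaultGroup; nothing is forwarded"]
    for g in wanted:
        if g not in groups:  # a typo here silently drops one destination
            problems.append(f"defaultGroup names undefined group '{g}'")
    for g in groups:
        for host in [h.strip() for h in conf[f"tcpout:{g}"].get("server", "").split(",") if h.strip()]:
            if ":" not in host or not host.rsplit(":", 1)[1].isdigit():
                problems.append(f"[tcpout:{g}] has malformed server entry '{host}'")
    return problems

def check_inputs(conf):
    """Return monitor stanzas that are switched off or lack an explicit sourcetype."""
    problems = []
    for s, kv in conf.items():
        if not s.startswith("monitor://"):
            continue
        if kv.get("disabled", "false").lower() in ("1", "true"):
            problems.append(f"[{s}] is disabled")
        if "sourcetype" not in kv:
            problems.append(f"[{s}] has no sourcetype; the indexer will guess one")
    return problems
```

Run the two checks against the real files under /opt/splunkforwarder/etc/system/local before restarting the forwarder; an empty list from both means the stanzas are at least internally consistent.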