2025-02-24 Update From: SLTechnology News&Howtos shulou
Shulou(Shulou.com)06/01 Report--
This article explains how to install Splunk on CentOS 7. Many people have questions about this in day-to-day operation, so the editor consulted various materials and put together a simple, easy-to-use procedure. I hope it helps answer those questions. Follow along below.
Splunk is the engine of machine data. Use Splunk to collect, index, and leverage the fast-moving machine data generated by all your applications, servers, and devices. Using Splunk to process machine data allows you to resolve problems and investigate security incidents in minutes.
1. Create a Splunk user
Splunk always recommends using a dedicated user to run this application, not the root user. I created a user to run the application and created a folder to install the application.
[root@server1 tmp]# groupadd splunk
[root@server1 tmp]# useradd -d /opt/splunk -m -g splunk splunk
[root@server1 tmp]# su - splunk
[splunk@server1 ~]$ id
uid=1001(splunk) gid=1001(splunk) groups=1001(splunk)

Confirm the server architecture:

[splunk@server1 ~]$ getconf LONG_BIT
64

2. Download and extract Splunk Enterprise Edition
Download the Splunk software from Splunk's official website, creating an account there. Then extract the tar file and copy its contents to /opt/splunk, the application folder that was created for the splunk user.
[root@server1 tmp]# tar -xvf splunk-6.4.0-f2c836328108-Linux-x86_64.tgz
[root@server1 tmp]# cp -rp splunk/* /opt/splunk/
[root@server1 tmp]# chown -R splunk: /opt/splunk/

3. Install Splunk
After downloading the Splunk software, run the installation script while logged in as the splunk user. I chose the trial license, so the defaults apply.
[root@server1 tmp]# su - splunk
Last login: Fri Apr 29 08:14:12 UTC 2016 on pts/0
[splunk@server1 ~]$ cd bin/
[splunk@server1 bin]$ ./splunk start --accept-license
This appears to be your first time running this version of Splunk.
Copying '/opt/splunk/etc/openldap/ldap.conf.default' to '/opt/splunk/etc/openldap/ldap.conf'.
Generating RSA private key 1024 bit long modulus
.+.+
e is 65537 (0x10001)
writing RSA key
Generating RSA private key 1024 bit long modulus
.+..+
e is 65537 (0x10001)
writing RSA key
Moving '/opt/splunk/share/splunk/search_mrsparkle/modules.new' to '/opt/splunk/share/splunk/search_mrsparkle/modules'.
Splunk> Australian for grep.
Checking prerequisites...
Checking http port [8000]: open
Checking mgmt port [8089]: open
Checking appserver port [127.0.0.1]: open
Checking kvstore port [8191]: open
Checking configuration... Done.
Creating: /opt/splunk/var/lib/splunk
Creating: /opt/splunk/var/run/splunk
Creating: /opt/splunk/var/run/splunk/appserver/i18n
Creating: /opt/splunk/var/run/splunk/appserver/modules/static/css
Creating: /opt/splunk/var/run/splunk/upload
Creating: /opt/splunk/var/spool/splunk
Creating: /opt/splunk/var/spool/dirmoncache
Creating: /opt/splunk/var/lib/splunk/authDb
Creating: /opt/splunk/var/lib/splunk/hashDb
Checking critical directories... Done
Checking indexes...
Validated: _audit _internal _introspection _thefishbucket history main summary
Done
New certs have been generated in '/opt/splunk/etc/auth'.
Checking filesystem compatibility... Done
Checking conf files for problems...
Done
Checking default conf files for edits...
Validating installed files against hashes from '/opt/splunk/splunk-6.4.0-f2c836328108-linux-2.6-x86_64-manifest'
All installed files intact.
Done
All preliminary checks passed.
Starting splunk server daemon (splunkd)...
Generating a 1024 bit RSA private key
.+. . +
writing new private key to 'privKeySecure.pem'
-
Signature ok
subject=/CN=server1.centos7-test.com/O=SplunkUser
Getting CA Private Key
writing RSA key
Done
[OK]
Waiting for web server at http://127.0.0.1:8000 to be available.... Done
If you get stuck, we're here to help.
Look for answers here: http://docs.splunk.com
The Splunk web interface is at http://server1.centos7-test.com:8000
You can now access the Splunk Web interface at http://IP:8000/ or http://hostname:8000. Make sure that port 8000 is open in your server's firewall.
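One way to open port 8000 on CentOS 7 while limiting access to a single management subnet instead of every source address. This is an added example, not part of the original article; it assumes firewalld is the active firewall, and the subnet 192.0.2.0/24 and the script name are placeholders.

```shell
#!/bin/sh
# Added example (not from the original article): allow Splunk Web (TCP 8000)
# in firewalld for one management subnet only. Subnet values are placeholders.

SPLUNK_WEB_PORT=8000   # "Checking http port [8000]" in the startup output

# valid_cidr CIDR -> exit 0 if CIDR is a well-formed IPv4 a.b.c.d/len
valid_cidr() {
    case $1 in
        ''|*[!0-9./]*|*/*/*|*..*|.*|*./*) return 1 ;;  # stray chars, empty octets
        */*) ;;                                        # exactly one slash
        *) return 1 ;;
    esac
    _ip=${1%/*}; _len=${1#*/}
    case $_len in ''|*.*|???*) return 1 ;; esac
    [ "$_len" -le 32 ] || return 1
    _ifs=$IFS; IFS=.; set -- $_ip; IFS=$_ifs          # split octets on dots
    [ $# -eq 4 ] || return 1
    for _o in "$@"; do
        case $_o in ????*) return 1 ;; esac
        [ "$_o" -le 255 ] || return 1
    done
}

# splunk_web_rule CIDR -> print the firewalld rich rule for that source range
splunk_web_rule() {
    valid_cidr "$1" || { echo "invalid IPv4 CIDR: $1" >&2; return 1; }
    printf 'rule family="ipv4" source address="%s" port port="%s" protocol="tcp" accept\n' \
        "$1" "$SPLUNK_WEB_PORT"
}

# open_splunk_web CIDR -> store the rule permanently and reload firewalld
open_splunk_web() {
    _rule=$(splunk_web_rule "$1") || return 1
    firewall-cmd --permanent --add-rich-rule="$_rule" && firewall-cmd --reload
}

# Run as root:  sh open-splunk-web.sh apply 192.0.2.0/24
if [ "${1:-}" = "apply" ]; then
    open_splunk_web "${2:-}"
fi
```

The management port 8089 and the KV store port 8191 listed in the startup output are left closed by this rule.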
4. Configure the Splunk Web interface
I have finished installing Splunk, and the Splunk service is running normally on my server. Now I need to set up my Splunk Web interface and access it using the administrator password I set. The first time you visit the Splunk interface, you log in with the administrator user and password shown on the page. Once you are logged in, the next page asks you to change and confirm your new password. You have now set a new administrator password. Once you log in with your new password, you will have a Splunk dashboard ready to use. Different categories are listed on the home page, and you can select the one you want to start with.
5. Add Task
As an example, I am going to add a simple task to the Splunk system. My task is to add the /var/log folder to the Splunk system's monitoring; the steps are as follows.
1. Open the Splunk Web interface and, on the Settings tab, select the Add Data option.
2. Our task here is to monitor a folder, so we continue with the Monitor option.
In the monitor options, there are four categories:
Files and directories: monitoring files/folders
HTTP Event Collector: monitoring data flow through HTTP
TCP/UDP: monitoring service port
Scripts: monitoring script
3. For our purpose, I choose the Files and directories option.
4. Select the exact folder path from the server you want to monitor.
5. Now you can start searching and monitoring the log files as required.
On the server you can see that my log has been narrowed down to an application.
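The same /var/log input can be declared in a configuration file instead of through Splunk Web. The following is an added example, not part of the original article: it writes a monitor stanza to inputs.conf under the /opt/splunk install path used above and lists files that the unprivileged splunk user from step 1 cannot read, since those will not be indexed. The function names and script name are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original article): file-based equivalent of the
# "Files and directories" input added through Splunk Web in the steps above.

SPLUNK_HOME=${SPLUNK_HOME:-/opt/splunk}    # install path used in this article

# add_monitor_stanza CONF DIR -> append [monitor://DIR] to CONF exactly once
add_monitor_stanza() {
    _conf=$1; _dir=$2
    case $_dir in
        /*) ;;
        *) echo "need an absolute path: $_dir" >&2; return 1 ;;
    esac
    mkdir -p "$(dirname "$_conf")" || return 1
    if [ -f "$_conf" ] && grep -qxF "[monitor://$_dir]" "$_conf"; then
        return 0                           # already monitored, change nothing
    fi
    printf '[monitor://%s]\ndisabled = false\n\n' "$_dir" >> "$_conf"
}

# unreadable_logs DIR -> print files under DIR the current user cannot read
unreadable_logs() {
    find "$1" -type f 2>/dev/null | while IFS= read -r _f; do
        [ -r "$_f" ] || printf '%s\n' "$_f"
    done
}

# Run as the splunk user:  sh add-monitor.sh apply /var/log
# then restart Splunk so it reads the new stanza:
#   $SPLUNK_HOME/bin/splunk restart
if [ "${1:-}" = "apply" ]; then
    add_monitor_stanza "$SPLUNK_HOME/etc/system/local/inputs.conf" "${2:-/var/log}" &&
        unreadable_logs "${2:-/var/log}"
fi
```

Any path printed by the script needs read access granted to the splunk user, for example through group membership or a file ACL, before Splunk can index it.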
This concludes the walkthrough of how to install Splunk on CentOS 7. I hope it has answered your questions. Combining theory with practice helps you learn, so go and try it! To learn more about related topics, keep following the website; the editor will continue to bring you more practical articles.