Installation of Splunk and splunkforwarder

Splunk and Splunk forwarder installation

Create a group and account for the splunk user
---------------------------------------
/usr/sbin/groupadd -g 9991 splunk
/usr/sbin/adduser -c "Splunk" -u 9991 -g 9991 -s /bin/bash -d /opt/splunk -m splunk
# copy the contents of /etc/skel (not the directory itself) into the home directory
cp -r /etc/skel/. /opt/splunk
chown -R splunk:splunk /opt/splunk/

Set the resource limits for the splunk user
---------------------------------------

vi /etc/security/limits.d/99-mrll-splunk.conf

splunk  hard    nofile  20240
splunk  soft    nofile  10240
splunk  hard    nproc   10240
splunk  soft    nproc   2048


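Set the environment path for the splunk home directory
---------------------------------------

# The quoted 'EOF' keeps ${PATH} literal, so it is expanded at login
# instead of being replaced by root's PATH while the file is written.
cat >> /opt/splunk/.bashrc <<'EOF'
# The btool command does not have the right LD_LIBRARY_PATH...
# (no leading ":" here: an empty element makes the loader search the current directory)
LD_LIBRARY_PATH=/opt/splunk/lib
export LD_LIBRARY_PATH

# also set the splunk home for the application
SPLUNK_HOME=/opt/splunk
export SPLUNK_HOME

# and set the path for the user
PATH=${PATH}:/opt/splunk/bin
export PATH
EOF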

Install Splunk
---------------------------------------

rpm -ivh splunk-6.5.2-67571ef4b87d-linux-2.6-x86_64.rpm
su - splunk -c '/opt/splunk/bin/splunk start --accept-license --answer-yes'
sudo /opt/splunk/bin/splunk enable boot-start -user splunk --accept-license --answer-yes


Install the Splunk forwarder
---------------------------------------

rpm -ivh splunkforwarder-6.5.2-67571ef4b87d-linux-2.6-x86_64.rpm
su - splunk -c '/opt/splunkforwarder/bin/splunk start --accept-license --answer-yes'
/opt/splunkforwarder/bin/splunk enable boot-start -user splunk --accept-license --answer-yes
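
A check for the limits file and the library path set up in the steps above, as an added example that is not part of the original post. The function names check_limits and check_lib_path are hypothetical, and the sample input is constructed.

```shell
#!/bin/sh
# Added example: audit the settings this procedure writes for the splunk account.

# check_limits FILE USER
# Each item set for USER needs both a soft and a hard value, and the soft value
# must not exceed the hard one. Prints findings; exit status 0 only when clean.
check_limits() {
    awk -v user="$2" '
        function num(v) { return (v == "unlimited" || v == "infinity" || v == "-1") ? 1e18 : v + 0 }
        $1 == user && ($2 == "soft" || $2 == "hard") { val[$3, $2] = $4; items[$3] = 1 }
        $1 == user && $2 == "-" { val[$3, "soft"] = val[$3, "hard"] = $4; items[$3] = 1 }
        END {
            for (i in items) {
                n++; s = val[i, "soft"]; h = val[i, "hard"]
                if (s == "" || h == "") { print i ": soft or hard value missing"; bad = 1 }
                else if (num(s) > num(h)) { print i ": soft " s " exceeds hard " h; bad = 1 }
            }
            if (!n) { print "no limits found for " user; bad = 1 }
            exit bad + 0
        }' "$1"
}

# check_lib_path VALUE
# ld.so treats a zero-length element (leading or trailing ":" or "::") as the
# current directory, and a relative element is resolved against it as well.
check_lib_path() {
    case "$1" in :*|*:|*::*) echo "empty element in '$1'"; return 1 ;; esac
    rest=$1
    while [ -n "$rest" ]; do
        dir=${rest%%:*}
        case "$dir" in /*) ;; *) echo "relative element '$dir'"; return 1 ;; esac
        case "$rest" in *:*) rest=${rest#*:} ;; *) rest= ;; esac
    done
    return 0
}

# Constructed sample input: four limits entries and two library path values.
sample=$(mktemp)
printf '%s\n' 'splunk  hard    nofile  20240' 'splunk  soft    nofile  10240' \
              'splunk  hard    nproc   10240' 'splunk  soft    nproc   2048' > "$sample"
check_limits "$sample" splunk && echo "limits: OK"
check_lib_path "/opt/splunk/lib" && echo "library path: OK"
check_lib_path ":/opt/splunk/lib" || echo "library path: rejected"
rm -f "$sample"
```

On a real host, pass the limits.d file created above to check_limits and the LD_LIBRARY_PATH value from the splunk user's login shell to check_lib_path.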
