
Module2 - Installation Splunk Page Navigation

This document provides instructions for installing Splunk software on server hardware that meets minimum requirements. It describes creating a mount point for storing Splunk files, downloading and installing the Splunk RPM, and starting the Splunk service. Key Splunk directories and processes are also summarized, including Splunkd, the main Splunk process that runs searches and indexes data, and the Splunk web interface.

Uploaded by

Srini V
Copyright © All Rights Reserved

Module-2

Installation

What software do you need to install?

Standard Server Configuration Requirement

Search Head: 2 CPU, 4 GB memory, disk space with a dedicated mount of 20 GB, Linux or Windows 64-bit
operating system.

Indexer: 4 CPU, 16 GB memory, disk space with a mount point of 20 GB and an additional mount point for data
storage of approx. 100 GB (depends on the data we store).

Master, Deployment and License server can be on a single server with 2 CPU, 4 GB memory, disk space
with a dedicated mount of 20 GB, Linux or Windows 64-bit operating system.

Prerequisites

• NTP should be configured across all servers
• /splunk mount point with minimum 20 GB space (dedicated to storing the Splunk binaries)
• Splunk_index mount point on the Indexer for storing the actual data
• Ports should be opened as per the Module 1 port requirement checklist

Installation

Create mount point /splunk

1. Identify a free disk using the command # fdisk -l
2. Create a physical volume on the free disk # pvcreate /dev/sdx (disk name identified
in step 1)
3. Create a volume group # vgcreate vgname /dev/sdx (vgname of your choice and disk name from
step 1)
4. Create a logical volume in the above volume group # lvcreate -L 20G vgname (-L is the logical
volume size, vgname from step 3)
5. Create a filesystem # mkfs.ext4 /dev/vgname/lvname
6. Create the mount directory # mkdir /splunk
7. Mount the directory with the command # mount /dev/vgname/lvname /splunk (find lvname
using # lvdisplay -v vgname)
8. Make the necessary changes in /etc/fstab so that the mount point is mounted persistently
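
Added example (not part of the original document): a small shell check that the /splunk mount from steps 1-8 has an /etc/fstab entry and sits on a volume of at least 20 GB. The function names fstab_device, size_ok and check_mount are hypothetical helpers, and /dev/vgname/lvname is the same placeholder used in the steps above.

```shell
#!/bin/sh
# Added example, not from the original document: checks that the /splunk
# mount built in steps 1-8 is persistent and large enough.

# fstab_device FSTAB MOUNTPOINT
# Prints field 1 (device) of the first non-comment line whose field 2 is
# MOUNTPOINT. Returns 1 when there is no such line, i.e. the mount from
# step 7 would be lost at the next reboot.
fstab_device() {
    awk -v mp="$2" '
        /^[ \t]*#/ || NF < 2 { next }
        $2 == mp { print $1; found = 1; exit }
        END { exit !found }
    ' "$1"
}

# size_ok BYTES MIN_GB
# True when the block device holds at least MIN_GB GiB. Compare the device
# size, not the df total: ext4 overhead makes df report less than 20G.
size_ok() {
    [ "$1" -ge $(( $2 * 1024 * 1024 * 1024 )) ]
}

# check_mount FSTAB MOUNTPOINT MIN_GB BYTES
# Returns 0 = ok, 1 = no fstab entry, 2 = volume too small.
check_mount() {
    dev=$(fstab_device "$1" "$2") || { echo "FAIL: $2 not in $1"; return 1; }
    size_ok "$4" "$3" || { echo "FAIL: $dev smaller than $3 GiB"; return 2; }
    echo "OK: $dev -> $2"
}

# Live use (replace /dev/vgname/lvname with the real LV path from step 7):
#   check_mount /etc/fstab /splunk 20 "$(blockdev --getsize64 /dev/vgname/lvname)"
```
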

Splunk Installation - Basic type (Single server)

1. Download free Splunk from link:
2. Upload the downloaded software to the Splunk server
3. Install the rpm using the command # rpm -ivh --prefix /splunk splunkrpmname
4. Start the Splunk service # /splunk/splunk/bin/splunk start (press Spacebar to agree to the
license)
5. Run this command to start Splunk automatically at boot # ./splunk enable boot-start -user
splunker
6. Go to a browser and type # http://<serverip>:8000
7. Log in with the default user name #admin and password #changeme
8. Change the password

Understanding Splunk Directory Structure

The Splunk home directory is named #splunk. All directories start from this home
directory path. The home directory is portable: it can easily be copied to any server and
the Splunk service started there.

Understanding Splunk Process

Splunkd
Runs on port 8089 over SSL
Spawns and controls Splunk child processes:
- Splunk Web proxy, KV store and Introspection services
- Each search, scripted input or scripted alert
Accesses, processes and indexes incoming data
Handles all search requests and returns results

Splunk Web
Splunk browser-based user interface
Provides both a search and a management front end for the splunkd process
Runs on port 8000 by default

Understanding Splunk Home Page
Splunk Command Line
Options 1

The Splunk Distributed Management Console helps in monitoring the health and performance of the
entire Splunk setup. By default it runs in Basic mode; for a distributed setup it must be configured
explicitly using the Settings tab.
