Splunk Standalone node installations
Environment Setup
· Download Ubuntu Linux 12.04.3 LTS or CentOS 6.7 (any Linux flavor)
· Download the latest Splunk Enterprise tarball (for simplicity)
Pre-requisites
· Do the necessary network settings and assign a static IP if preferred.
· Assign the hostname in the network and hosts files.
· All hosts must run a recent version of Linux x86_64 (kernel 2.6+)
- Python 2.7 must be installed and present in PATH. Python 3 is NOT supported.
- Additionally, the following Python modules must be installed:
  - pycrypto (needed by paramiko)
  - simplejson
  - pyyaml
  * These modules can usually be installed using 'pip'
- sar must be installed on all systems.
  - needed for metrics
- All hosts must be reachable from each other.
  - DNS must be working or, alternatively, host files must be working
- All hosts must be running SSH.
  - Preferably, SSH keys should be exchanged to all
- Time is synchronized on all hosts.
  - This is *extremely* important as many measurements depend on time accuracy.
Install python 2.7
Red Hat now has "Software Collections" which take care of this sort of thing, so you can do:
yum install centos-release-SCL
yum install python27
Then if you want to use it in your shell you would run something like:
scl enable python27 bash
This sets up the correct environment variables (including PATH, LD_LIBRARY_PATH, etc.) and drops you into a new shell. Pretty sure it wouldn't be too hard to make that the default.
Install pycrypto
yum install gmp-devel
pip install pycrypto
Install SimpleJson.
Install Pyyaml
Install sar
yum install sysstat
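A preflight check for the prerequisites listed above, as an added example that is not part of the original guide. It assumes ntpd is the time source (checked with ntpstat), that peer hostnames are passed as arguments, and that the three modules import as Crypto, simplejson and yaml; the function names are hypothetical.

```shell
#!/bin/sh
# Added example. Usage: sh preflight.sh --check [peer-host ...]

# True when a `python --version` string reports Python 2.7.x.
is_python27() {
    case "$1" in
        "Python 2.7"|"Python 2.7."*) return 0 ;;
        *) return 1 ;;
    esac
}

# True when a `uname -r` string is kernel 2.6 or newer.
kernel_ok() {
    major=${1%%.*}
    rest=${1#*.}
    minor=${rest%%[!0-9]*}
    [ "$major" -gt 2 ] || { [ "$major" -eq 2 ] && [ "$minor" -ge 6 ]; }
}

# Print the import names that $1 (a python binary) cannot import.
# pycrypto imports as Crypto and pyyaml as yaml.
missing_modules() {
    for mod in Crypto simplejson yaml; do
        "$1" -c "import $mod" 2>/dev/null || printf '%s\n' "$mod"
    done
}

# check DESCRIPTION COMMAND...: run the command, print OK/FAIL, count failures.
check() {
    desc=$1; shift
    if "$@" >/dev/null 2>&1; then printf 'OK   %s\n' "$desc"
    else printf 'FAIL %s\n' "$desc"; fails=$((fails + 1)); fi
}

preflight() {
    fails=0
    check "kernel 2.6+ ($(uname -r))" kernel_ok "$(uname -r)"
    check "architecture x86_64" test "$(uname -m)" = x86_64
    # Python 2 prints its version on stderr, hence 2>&1.
    check "python in PATH is 2.7" is_python27 "$(python --version 2>&1)"
    missing=$(missing_modules python | tr '\n' ' ')
    check "python modules (missing: ${missing:-none})" test -z "$missing"
    check "sar installed (sysstat)" command -v sar
    check "sshd running" pgrep -x sshd
    check "clock synchronized (assumes ntpd)" ntpstat
    for peer in "$@"; do check "name resolves: $peer" getent hosts "$peer"; done
    return "$fails"
}

if [ "${1:-}" = "--check" ]; then shift; preflight "$@"; exit $?; fi
```

The exit status is the number of failed checks, so the script can gate the Splunk installation step on every host.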
Splunk Enterprise installation.
Untar the Splunk tarball to /opt (or any other preferred location)
[root@splunk_standalone sbk_files]# tar -zxvf splunk-6.3.1-f3e41e4b37b2-Linux-x86_64.tgz -C /opt
Go to /opt and check that the splunk folder was created
[root@splunk_standalone opt]# ll
total 11936
-rw-r--r--. 1 root root 1522812 Mar 5 12:15 get-pip.py
drwxr-xr-x. 18 1000 1000 4096 Apr 14 21:38 Python-2.7.6
-rw-r--r--. 1 root root 10431288 Nov 10 2013 Python-2.7.6.tar.xz
drwxr-xr-x. 8 root root 4096 Apr 14 22:04 PyYAML-3.11
-rw-r--r--. 1 root root 248685 Mar 26 2014 PyYAML-3.11.tar.gz
drwxr-xr-x. 2 root root 4096 Mar 26 2015 rh
drwxr-xr-x. 8 506 506 4096 Oct 30 2015 splunk
[root@splunk_standalone opt]#
Check the files installed under Splunk directory.
[root@splunk_standalone opt]# cd splunk/
[root@splunk_standalone splunk]# ll
total 1796
drwxr-xr-x. 4 506 506 4096 Oct 30 2015 bin
-r--r--r--. 1 506 506 57 Oct 30 2015 copyright.txt
drwxr-xr-x. 14 506 506 4096 Oct 30 2015 etc
-rw-r--r--. 1 506 506 0 Oct 30 2015 ftr
drwxr-xr-x. 3 506 506 4096 Oct 30 2015 include
drwxr-xr-x. 6 506 506 4096 Oct 30 2015 lib
-r--r--r--. 1 506 506 62027 Oct 30 2015 license-eula.txt
drwxr-xr-x. 3 506 506 4096 Oct 30 2015 openssl
-r--r--r--. 1 506 506 509 Oct 30 2015 README-splunk.txt
drwxr-xr-x. 3 506 506 4096 Oct 30 2015 share
-r--r--r--. 1 506 506 1737206 Oct 30 2015 splunk-6.3.1-f3e41e4b37b2-linux-2.6-x86_64-manifest
[root@splunk_standalone splunk]#
Now start Splunk for the first time and accept the license
[root@splunk_standalone splunk]# ./bin/splunk start --accept-license
This appears to be your first time running this version of Splunk.
Copying '/opt/splunk/etc/openldap/ldap.conf.default' to '/opt/splunk/etc/openldap/ldap.conf'.
Generating RSA private key, 1024 bit long modulus
..........................++++++
..++++++
e is 65537 (0x10001)
writing RSA key
Generating RSA private key, 1024 bit long modulus
...++++++
...........++++++
e is 65537 (0x10001)
writing RSA key
Moving '/opt/splunk/share/splunk/search_mrsparkle/modules.new' to '/opt/splunk/share/splunk/search_mrsparkle/modules'.
Splunk> CSI: Logfiles.
Checking prerequisites...
Checking http port [8000]: open
Checking mgmt port [8089]: open
Checking appserver port [127.0.0.1:8065]: open
Checking kvstore port [8191]: open
Checking configuration... Done.
Creating: /opt/splunk/var/lib/splunk
Creating: /opt/splunk/var/run/splunk
Creating: /opt/splunk/var/run/splunk/appserver/i18n
Creating: /opt/splunk/var/run/splunk/appserver/modules/static/css
Creating: /opt/splunk/var/run/splunk/upload
Creating: /opt/splunk/var/spool/splunk
Creating: /opt/splunk/var/spool/dirmoncache
Creating: /opt/splunk/var/lib/splunk/authDb
Creating: /opt/splunk/var/lib/splunk/hashDb
Checking critical directories... Done
Checking indexes...
Validated: _audit _internal _introspection _thefishbucket history main summary
Done
New certs have been generated in '/opt/splunk/etc/auth'.
Checking filesystem compatibility... Done
Checking conf files for problems...
Done
Checking default conf files for edits...
Validating installed files against hashes from '/opt/splunk/splunk-6.3.1-f3e41e4b37b2-linux-2.6-x86_64-manifest'
All installed files intact.
Done
All preliminary checks passed.
Starting splunk server daemon (splunkd)...
Generating a 1024 bit RSA private key
...............................................................................................++++++
..............++++++
writing new private key to 'privKeySecure.pem'
-----
Signature ok
subject=/CN=splunk_standalone/O=SplunkUser
Getting CA Private Key
writing RSA key
Done
[ OK ]
Waiting for web server at http://127.0.0.1:8000 to be available...... Done
If you get stuck, we're here to help.
Look for answers here: http://docs.splunk.com
The Splunk web interface is at http://splunk_standalone:8000
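The first-start output above shows 1024-bit RSA keys being generated and new certificates written to '/opt/splunk/etc/auth'; 1024-bit RSA is below the 2048-bit minimum in current guidance. The following check, an added example that is not part of the original guide, lists the certificates in that directory whose RSA key is under a chosen size. It assumes the openssl command is installed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example. Usage: sh audit_certs.sh --check [auth-dir]

# Read `openssl x509 -noout -text` output on stdin; print the RSA modulus size
# in bits, or nothing when the certificate's key is not RSA.
rsa_key_bits() {
    awk '/Public Key Algorithm:/ { rsa = ($0 ~ /rsaEncryption/) }
         rsa && /Public[- ]Key: \(/ { gsub(/[^0-9]/, ""); print; exit }'
}

# audit_certs DIR [MIN_BITS]: print "BITS FILE" for each certificate below
# MIN_BITS (default 2048). Returns 0 when none is found, 1 otherwise.
audit_certs() {
    dir=$1; min=${2:-2048}; weak=0
    for pem in "$dir"/*.pem; do
        [ -f "$pem" ] || continue
        bits=$(openssl x509 -in "$pem" -noout -text 2>/dev/null | rsa_key_bits)
        [ -n "$bits" ] || continue   # no certificate in this file, or not RSA
        if [ "$bits" -lt "$min" ]; then
            printf '%s %s\n' "$bits" "$pem"
            weak=$((weak + 1))
        fi
    done
    [ "$weak" -eq 0 ]
}

# Default path taken from the first-start output above.
if [ "${1:-}" = "--check" ]; then
    audit_certs "${2:-/opt/splunk/etc/auth}"
    exit $?
fi
```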
Open the Splunk Web interface at http://splunk_standalone:8000
The first time you open the page you'll have to change the password; the default login is admin with the password changeme.
The password can also be set from the CLI on the backend:
splunk edit user admin -password <New_Splunk_Admin_Password> -role admin -auth admin:changeme
Under Setting → Systems → license, change the license group to free license and you're all set to go.
Finally, add the Splunk home directory and its bin directory to the path in the bash profile file. Splunk can then be controlled with:
splunk start
splunk restart
splunk stop
The above will start both the splunkd and splunkweb daemons.