Slowly gaining more experience with Splunk and realizing power of this unique app, I ventured into cluster setup for Splunk 6.1 as part of the current initiative for the client I’m working with.
Below is a quick step-by-step instructions set which I compiled mainly for myself as a documentation.
Contents:
- Setup VMWare Virtual Machine (Azure services)
- Install and Setup Ubuntu Linux (Azure services)
- Install and Setup Splunk
- Indexes Configuration
- Enable Clustering
- Add second Splunk instance to the cluster
- * Potential problems
- Add third Splunk instance to the cluster (Search Head)
Details:
Tools required:
VMWare virtualization software. I used VMWare Fusion since Mac is my hosted platform.
Ubuntu Linux Installation disk image
System Requirements for VMWare Fusion and Ubuntu
Setup VMWare Fusion virtual machine
- Start by selecting Create a custom virtual machine in VMWare Fusion
- Choose Ubuntu 64-bit as Operating System
- Accept default settings and Create a new virtual disk
- Under Finish screen, click on Customize Settings and save your machine
- You can then customize Virtual Disk capacity from Settings Screen.
- I changed Disk size to 10GB for master, you can set it to your desired value
- Now let’s choose downloaded installation image of Ubuntu
- Connect CD/DVD to access downloaded DMG file as an installation CD
- You are now ready to install Ubuntu OS
