Splunk Cluster setup – 3: Install and Setup Splunk

Continuing the series of Splunk Cluster setup articles with instructions on Installation and Setup of Ubuntu Linux for Splunk Cluster setup.

Details:

Installing and setting up Splunk is pretty straightforward, but you need a Splunk.com account and a subscription/license. You can download the trial version of Splunk Enterprise, which gives you 60 days to test drive it and index 500MB of data daily. After 60 days you have to either downgrade to the Free license, which doesn’t give you clustering capabilities, or purchase a full license.

  1. Go ahead and create a Splunk.com account and download the latest version of Splunk for Linux, 32- or 64-bit depending on your configuration, making sure you download the .deb package.
  2. Once downloaded, open Terminal and run the following, replacing the filename with the proper name:
    sudo dpkg -i splunk-6.X.X-XXXX-linux-2.6-amd64.deb
  3. Once package installation is complete, navigate to /opt/splunk/bin folder
    cd /opt/splunk/bin
  4. And start Splunk for the first time
    sudo ./splunk start --accept-license
  5. Once Splunk starts, you will see confirmation:
    The Splunk web interface is at http://splunk1:8000
  6. Enable Splunk auto-start on boot:
    sudo /opt/splunk/bin/splunk enable boot-start
  7. That’s it! Let’s log in to the Splunk web interface by navigating to http://10.121.1.21:8000 (replace the IP address with yours; get it by running ifconfig).
  8. When you log in for the first time, you are asked to change your password. Do that.
  9. When logged in, you might get a message about free disk space. Remember, our VM had only 10GB of disk space, 4.5GB of which the OS took.
  10. Let’s suppress those warnings by adjusting settings in System Settings, General Settings.
  11. Here you can change the Splunk server name, adjust ports, etc. But for now let’s just change the setting at the very bottom of the page, “Pause indexing if free disk space (in MB) falls below”: change it to, let’s say, 500. We can adjust it in the production environment later.
  12. Once saved, you will need to restart Splunk.
  13. And that’s it! We are ready to setup our cluster.
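
The same procedure as a script. This is an added example, not part of the original post: it assumes it runs as root on the Splunk 6.x setup described above, that you have the package's SHA-512 value from the download page, and that the step 11 threshold is set through `[diskUsage] minFreeSpace` in `/opt/splunk/etc/system/local/server.conf` rather than the web form. The function names are made up for illustration.

```shell
#!/usr/bin/env bash
# Added example: scripted form of the steps above. Run as root.

# Compare the package's SHA-512 with the value taken from the download page.
verify_deb() {
    local pkg="$1" expected="$2" actual
    [ -n "$expected" ] || return 1
    actual=$(sha512sum "$pkg" | awk '{print $1}')
    [ "$actual" = "$expected" ]
}

# Set [diskUsage] minFreeSpace (in MB) in a server.conf, idempotently:
# replaces an existing value, or adds the key or the whole stanza if missing.
set_min_free_space() {
    local conf="$1" mb="$2" tmp rc
    case $mb in ''|*[!0-9]*) echo "MB value must be a whole number" >&2; return 1 ;; esac
    [ -f "$conf" ] || : > "$conf" || return 1
    tmp=$(mktemp) || return 1
    awk -v mb="$mb" '
        function emit() { if (in_du && !done) { print "minFreeSpace = " mb; done = 1 } }
        /^\[/ { emit(); in_du = ($0 == "[diskUsage]"); if (in_du) seen = 1 }
        in_du && /^[ \t]*minFreeSpace[ \t]*=/ { emit(); next }
        { print }
        END { emit(); if (!seen) { print "[diskUsage]"; print "minFreeSpace = " mb } }
    ' "$conf" > "$tmp" && cat "$tmp" > "$conf"   # cat keeps the file's owner and mode
    rc=$?
    rm -f "$tmp"
    return "$rc"
}

# Steps 2-6 and 11-12: verify, install, first start, boot-start, threshold, restart.
install_splunk() {
    local deb="$1" sha512="$2"
    verify_deb "$deb" "$sha512" || { echo "checksum mismatch: $deb" >&2; return 1; }
    dpkg -i "$deb" || return 1
    /opt/splunk/bin/splunk start --accept-license || return 1
    /opt/splunk/bin/splunk enable boot-start || return 1
    set_min_free_space /opt/splunk/etc/system/local/server.conf 500 || return 1
    /opt/splunk/bin/splunk restart
}

# Usage: install_splunk splunk-6.X.X-XXXX-linux-2.6-amd64.deb <sha512-from-download-page>
```

The package is only passed to `dpkg -i` if its checksum matches, so a corrupted or substituted download stops the script before anything is installed.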