{{tag>[linux splunk]}}
=====Splunk - CentOS7 installation=====
====Install and configure OS====
* Create a virtual machine.
* Configure network:<code>
su - root
# replace <hostname> with the name of this machine
hostnamectl set-hostname <hostname>
# edit the connection that is activated below
nmcli c edit 'System p4p1'
# set ipv4 address and gateway
nmcli> set ipv4.addresses 1.2.3.4/24 2.3.4.5
# set DNS
nmcli> set ipv4.dns 4.5.6.7 5.6.7.8
nmcli> set ipv4.dns-search yourdomain.com
# set autoconnect
nmcli> set connection.autoconnect yes
# save and activate
nmcli> save
nmcli> quit
nmcli c up 'System p4p1'
</code>
* Configure yum repos.
* Configure time sync (chrony).
* Configure [[firewalld_zone_service|firewall, open ports for Splunk]].
====Install and configure Splunk====
* Download Splunk rpm.
* Create splunk user:<code>
groupadd splunk
useradd -d /opt/splunk -m -g splunk splunk
</code>
* Install Splunk:<code>
rpm -i splunk-6.2.1-245427-linux-2.6-x86_64.rpm
</code>
* Accept license:<code>
cd /opt/splunk/bin
./splunk start --accept-license
</code>
* Create systemd service **/usr/lib/systemd/system/splunk.service**:<code>
[Unit]
Description=Splunk
After=network.target

[Service]
# "splunk start" launches the daemon and exits, so keep the unit marked active
RemainAfterExit=yes
ExecStart=/opt/splunk/bin/splunk start
ExecStop=/opt/splunk/bin/splunk stop
ExecReload=/opt/splunk/bin/splunk restart
# run Splunk under the dedicated splunk account instead of root
User=splunk
Group=splunk

[Install]
WantedBy=multi-user.target
</code>
* Enable auto start at boot:<code>
systemctl enable splunk
</code>
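
A post-install check for the setup above, added here as an example and not part of the original page: it confirms that the unit file really sets a non-root ''User='' in ''[Service]'' and that nothing under the Splunk home is owned by another account. The function names are this example's own; the unit file and Splunk home are passed as arguments.

```shell
#!/bin/sh
# Added example: post-install audit for the Splunk setup described on this page.
# Function names are this example's own; paths are passed as arguments.

# Print the value of KEY from the [Service] section of a unit file.
service_value() {   # usage: service_value UNIT_FILE KEY
    awk -F= -v key="$2" '
        /^\[/ { in_service = ($0 == "[Service]"); next }
        in_service && $1 == key { val = $2 }
        END { print val }
    ' "$1"
}

# Succeed only if [Service] sets User= to something other than root.
unit_drops_privileges() {   # usage: unit_drops_privileges UNIT_FILE
    case "$(service_value "$1" User)" in
        ''|root|0) return 1 ;;
        *) return 0 ;;
    esac
}

# List files under DIR not owned by OWNER (user name or numeric uid).
# Such files typically appear after Splunk has been started once as root.
foreign_owned() {   # usage: foreign_owned DIR OWNER
    find "$1" ! -user "$2" -print
}

# Run both checks; returns non-zero if either fails.
audit_splunk() {   # usage: audit_splunk UNIT_FILE SPLUNK_HOME
    rc=0
    owner=$(service_value "$1" User)
    if ! unit_drops_privileges "$1"; then
        echo "FAIL: $1 does not set a non-root User= in [Service]"
        rc=1
    elif [ -n "$(foreign_owned "$2" "$owner" | head -n 1)" ]; then
        echo "FAIL: files under $2 are not owned by $owner"
        rc=1
    fi
    return "$rc"
}

# Example: sh audit.sh /usr/lib/systemd/system/splunk.service /opt/splunk
if [ "$#" -eq 2 ]; then
    audit_splunk "$1" "$2"
fi
```

If the ownership check fails, ''chown -R splunk:splunk /opt/splunk'' as root restores the ownership the unit expects.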