{{tag>[linux splunk]}}
=====Splunk - CentOS7 installation====
====Install and configure OS====
  * Create a virtual machine.
  * Configure network: <code>su - root
hostnamectl set-hostname <enter fqdn>

nmcli c edit <uuid>
 
# set ipv4 address and gateway
nmcli> set ipv4.addresses 1.2.3.4/24 2.3.4.5

# set DNS
nmcli> set ipv4.dns 4.5.6.7 5.6.7.8
nmcli> set ipv4.dns-search yourdomain.com
  
# set autoconnect
nmcli> set connection.autoconnect yes
   
# save and activate
nmcli> save

nmcli c up 'System p4p1'</code>
  * Configure yum repo's.
  * Configure time sync (chrony).
  * Configure [[firewalld_zone_service|firewall, open ports for splunk]].
====Install and configure Splunk====
  * Download Splunk rpm.
  * Create splunk user:<code>groupadd splunk
useradd -d /opt/splunk -m -g splunk splunk</code>
  * Install Splunk:<code>rpm -i splunk-6.2.1-245427-linux-2.6-x86_64.rpm</code>
  * Accept license:<code>./splunk start --accept-license</code>
  * Create systemd service **/usr/lib/systemd/system/splunk.service**:<code>[Unit]
Description=Splunk
After=network.target

[Service]
RemainAfterExit=yes
ExecStart=/opt/splunk/bin/splunk start
ExecStop=/opt/splunk/bin/splunk stop
ExecReload=/opt/splunk/bin/splunk restart
User=splunk
Group=splunk

[Install]
WantedBy=multi-user.target</code>
  * Enable auto start at boot:<code>systemctl enable splunk</code>