Ben Stienstra

Linux, Unix, network, radio and more...

User Tools

Site Tools


splunk_centos7

~~TOC~~

Splunk - CentOS7 installation

Install and configure OS

  • Create a virtual machine.
  • Configure network:
    su - root
    hostnamectl set-hostname <enter fqdn>
    
    nmcli c edit <uuid>
     
    # set ipv4 address and gateway
    nmcli> set ipv4.addresses 1.2.3.4/24 2.3.4.5
    
    # set DNS
    nmcli> set ipv4.dns 4.5.6.7 5.6.7.8
    nmcli> set ipv4.dns-search yourdomain.com
      
    # set autoconnect
    nmcli> set connection.autoconnect yes
       
    # save and activate
    nmcli> save
    
    nmcli c up 'System p4p1'
  • Configure yum repo's.
  • Configure time sync (chrony).

Install and configure Splunk

  • Download Splunk rpm.
  • Create splunk user:
    groupadd splunk
    useradd -d /opt/splunk -m -g splunk splunk
  • Install Splunk:
    rpm -i splunk-6.2.1-245427-linux-2.6-x86_64.rpm
  • Accept license:
    ./splunk start --accept-license
  • Create systemd service /usr/lib/systemd/system/splunk.service:
    [Unit]
    Description=Splunk
    After=network.target
    
    [Service]
    RemainAfterExit=yes
    ExecStart=/opt/splunk/bin/splunk start
    ExecStop=/opt/splunk/bin/splunk stop
    ExecReload=/opt/splunk/bin/splunk restart
    User=splunk
    Group=splunk
    
    [Install]
    WantedBy=multi-user.target
  • Enable auto start at boot:
    systemctl enable splunk
splunk_centos7.txt · Last modified: 2015/01/06 20:48 by admin