splunk_centos7
Splunk - CentOS7 installation
Install and configure OS
- Create a virtual machine.
- Configure network:
    su - root
    hostnamectl set-hostname <enter fqdn>
    nmcli c edit <uuid>
    # set ipv4 address and gateway
    nmcli> set ipv4.addresses 1.2.3.4/24 2.3.4.5
    # set DNS
    nmcli> set ipv4.dns 4.5.6.7 5.6.7.8
    nmcli> set ipv4.dns-search yourdomain.com
    # set autoconnect
    nmcli> set connection.autoconnect yes
    # save, leave the editor and activate
    nmcli> save
    nmcli> quit
    nmcli c up 'System p4p1'
- Configure yum repos.
- Configure time sync (chrony).
- Configure firewall, open ports for Splunk.
Install and configure Splunk
- Download Splunk rpm.
- Create splunk user:
    groupadd splunk
    useradd -d /opt/splunk -m -g splunk splunk
- Install Splunk:
    rpm -i splunk-6.2.1-245427-linux-2.6-x86_64.rpm
- Accept license:
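    # run from Splunk's bin directory
    # if this is run as root, chown -R splunk:splunk /opt/splunk afterwards:
    # the systemd service runs as User=splunk and must be able to write there
    cd /opt/splunk/bin
    ./splunk start --accept-license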
- Create systemd service /usr/lib/systemd/system/splunk.service:
    [Unit]
    Description=Splunk
    After=network.target

    [Service]
    RemainAfterExit=yes
    ExecStart=/opt/splunk/bin/splunk start
    ExecStop=/opt/splunk/bin/splunk stop
    ExecReload=/opt/splunk/bin/splunk restart
    User=splunk
    Group=splunk

    [Install]
    WantedBy=multi-user.target
- Enable auto start at boot:
    systemctl enable splunk
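
The firewall step above gives no commands. As an added example (not part of the original page), this script builds firewalld rich rules that accept the Splunk ports only from named source networks instead of opening them to everyone. The ports (8000, 8089, 9997), the zone and the two networks are assumptions; adjust them to your deployment.

```shell
#!/bin/sh
# Added example (not from the original page): firewalld rich rules for Splunk.
# Assumed ports: 8000 Splunk Web, 8089 splunkd management (Splunk defaults),
# 9997 forwarder receiving port (common convention, must be enabled in Splunk).
# Assumed, constructed networks and zone; override via the environment.
ZONE="${ZONE:-public}"
ADMIN_NET="${ADMIN_NET:-10.0.10.0/24}"          # admins reaching web/management
FORWARDER_NET="${FORWARDER_NET:-10.0.20.0/24}"  # hosts sending data

# Print one rich rule accepting TCP <port> only from IPv4 CIDR <src>.
# Returns 1 on a non-numeric/out-of-range port or a source without a prefix.
rich_rule() {
    src=$1
    port=$2
    case $port in ''|*[!0-9]*) return 1 ;; esac
    [ "$port" -ge 1 ] 2>/dev/null && [ "$port" -le 65535 ] || return 1
    case $src in ?*/?*) ;; *) return 1 ;; esac
    printf 'rule family="ipv4" source address="%s" port port="%s" protocol="tcp" accept\n' \
        "$src" "$port"
}

# Print the full rule set, one rule per line.
splunk_rules() {
    rich_rule "$ADMIN_NET" 8000 &&
    rich_rule "$ADMIN_NET" 8089 &&
    rich_rule "$FORWARDER_NET" 9997
}

# Default: print the commands for review. APPLY=1 (as root) installs them.
rules=$(splunk_rules) || { echo "invalid port or network" >&2; exit 1; }
printf '%s\n' "$rules" | while IFS= read -r rule; do
    if [ "${APPLY:-0}" = 1 ]; then
        firewall-cmd --permanent --zone="$ZONE" --add-rich-rule="$rule"
    else
        printf "firewall-cmd --permanent --zone=%s --add-rich-rule='%s'\n" "$ZONE" "$rule"
    fi
done
if [ "${APPLY:-0}" = 1 ]; then firewall-cmd --reload; else echo "firewall-cmd --reload"; fi
```

Run it without arguments to review the generated commands, then with APPLY=1 as root to install them; `firewall-cmd --zone=public --list-rich-rules` shows the result.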
splunk_centos7.txt · Last modified: 2021/10/09 15:14 by 127.0.0.1