Difference between revisions of "splunk enterprise install"

From thelinuxwiki
Jump to: navigation, search
(environment)
 
(One intermediate revision by one user not shown)
Line 5: Line 5:
  
 
filesystem
 
filesystem
/dev/mapper/splunkvm--vg-root  18G  8.6G  8.3G  51% /
+
/dev/mapper/splunkvm--vg-root  18G  8.6G  8.3G  51% /
/dev/mapper/splunkvm--vg-home  20G  651M  19G  4% /home
+
/dev/mapper/splunkvm--vg-home  20G  651M  19G  4% /home
/dev/mapper/splunkvm--vg-var    52G  3.3G  47G  7% /var
+
/dev/mapper/splunkvm--vg-var    52G  3.3G  47G  7% /var
/dev/mapper/splunkvm--vg-tmp  433M  17K  405M  1% /tmp
+
/dev/mapper/splunkvm--vg-tmp  433M  17K  405M  1% /tmp
 
+
  
 
==install steps==
 
==install steps==
Line 20: Line 19:
 
  # dpkg -i splunk-9.2.1-78803f08aabb-linux-2.6-amd64.deb
 
  # dpkg -i splunk-9.2.1-78803f08aabb-linux-2.6-amd64.deb
  
===change SPLUNK_DB default location=== or it will fill the root filesystem.
+
===change SPLUNK_DB default location===  
 +
or it will fill the root filesystem.
 
  # vi /opt/splunk/etc/splunk-launch.conf
 
  # vi /opt/splunk/etc/splunk-launch.conf
  
Line 28: Line 28:
 
  SPLUNK_DB=/var/lib/splunk
 
  SPLUNK_DB=/var/lib/splunk
  
===start splunk=== and set admin username/password
+
===start splunk===  
 +
and set admin username/password
 
  # /opt/splunk/bin/splunk start --accept-license
 
  # /opt/splunk/bin/splunk start --accept-license
 
  ...
 
  ...
Line 37: Line 38:
 
  Please confirm new password: ********
 
  Please confirm new password: ********
  
===login to server=== via browser on port 8000
+
===login to server===  
 +
via browser on port 8000

Latest revision as of 06:03, 25 June 2024

Contents

environment

version: splunk 9.2.1

O.S. - debian 12

filesystem

/dev/mapper/splunkvm--vg-root   18G  8.6G  8.3G  51% /
/dev/mapper/splunkvm--vg-home   20G  651M   19G   4% /home
/dev/mapper/splunkvm--vg-var    52G  3.3G   47G   7% /var
/dev/mapper/splunkvm--vg-tmp   433M   17K  405M   1% /tmp

install steps

download package


install package

# dpkg -i splunk-9.2.1-78803f08aabb-linux-2.6-amd64.deb

change SPLUNK_DB default location

or it will fill the root filesystem.

# vi /opt/splunk/etc/splunk-launch.conf

change

# SPLUNK_DB=/home/build/build-home/var/lib/splunk

to

SPLUNK_DB=/var/lib/splunk

start splunk

and set admin username/password

# /opt/splunk/bin/splunk start --accept-license
...
Please enter an administrator username: splunkadmin
Password must contain at least:
  * 8 total printable ASCII character(s).
Please enter a new password: ********
Please confirm new password: ********

login to server

via browser on port 8000