
Installing Splunk (BIG MACHINE DATA) on linode!

Splunk was recently acquired by Cisco, so in celebration, let's spin up a fresh instance on a CentOS 7 Linode and install the universal forwarder on our local Pop!_OS machine. Thank you for watching and I hope you enjoy!

All of this is obviously at your own risk/peril. I accept no responsibility for you doing what I do in this video, as you may have different results:

==========================================
commands I ran on the linode:
==========================================
yum install wget

wget -O splunk-9.1.2-b6b9c8185839-Linux-x86_64.tgz "https://download.splunk.com/products/splunk/releases/9.1.2/linux/splunk-9.1.2-b6b9c8185839-Linux-x86_64.tgz"

tar -xvzf splunk-9.1.2-b6b9c8185839-Linux-x86_64.tgz -C /opt

# 8000/tcp is Splunk Web, 9997/tcp is the receiving port forwarders send to
# (receiving on 9997 still has to be enabled inside Splunk under Settings > Forwarding and receiving;
# the firewall rule alone is not enough)
firewall-cmd --add-port=8000/tcp
firewall-cmd --add-port=9997/tcp
firewall-cmd --runtime-to-permanent

/opt/splunk/bin/splunk start --accept-license

==========================================
commands I ran on the end client:
==========================================
su root
cd /opt
wget -O splunkforwarder-9.1.2-b6b9c8185839-Linux-x86_64.tgz "https://download.splunk.com/products/universalforwarder/releases/9.1.2/linux/splunkforwarder-9.1.2-b6b9c8185839-Linux-x86_64.tgz"
tar xvzf splunkforwarder-9.1.2-b6b9c8185839-Linux-x86_64.tgz
useradd -m splunkfwd
export SPLUNK_HOME="/opt/splunkforwarder"
chown -R splunkfwd:splunkfwd /opt/splunkforwarder
# already root after `su root`, so sudo is redundant here and the forwarder ends up running as root
# (the files were chowned to splunkfwd, but nothing below switches to that user)
sudo $SPLUNK_HOME/bin/splunk start --accept-license
$SPLUNK_HOME/bin/splunk add forward-server [PUT YOUR SPLUNK ENTERPRISE (LINODE) SERVER IP HERE]:9997
# the next two were typed as ./splunk, which only resolves from inside $SPLUNK_HOME/bin; the full path works from /opt
# deploy-poll needs the server's management port 8089/tcp reachable, which the firewall commands above do not open
$SPLUNK_HOME/bin/splunk set deploy-poll [PUT YOUR SPLUNK ENTERPRISE (LINODE) SERVER IP HERE]:8089
$SPLUNK_HOME/bin/splunk add monitor /var/log
==========================================
END OF COMMANDS
==========================================
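Added example, not one of the commands from the video: both the server and the client steps above download a tarball and unpack it straight into /opt with tar. The script below, written for this page, checks the tarball's SHA-512 digest against a value obtained out of band before extracting, and lists the archive first so that member names that would escape the target directory (absolute paths or ".." components) are refused. The function names, the placeholder digest and the paths in the usage comment are assumptions.

```sh
#!/bin/sh
# Added example (not part of the video): verify a downloaded Splunk tarball
# before `tar ... -C /opt`, and refuse archives whose entries escape /opt.
# Assumption: the expected digest comes from a trusted channel (the Splunk
# download page publishes one per release); the digest in the usage comment
# at the bottom is a placeholder.

# sha512_of FILE -> prints the hex SHA-512 digest (coreutils or perl shasum)
sha512_of() {
    if command -v sha512sum >/dev/null 2>&1; then
        sha512sum "$1" | awk '{print $1}'
    else
        shasum -a 512 "$1" | awk '{print $1}'
    fi
}

# verify_tarball FILE EXPECTED_SHA512
# Returns 0 when FILE's digest matches EXPECTED_SHA512, 1 otherwise.
verify_tarball() {
    tarball="$1"
    expected="$2"
    [ -r "$tarball" ] || { echo "cannot read $tarball" >&2; return 1; }
    actual=$(sha512_of "$tarball")
    if [ "$actual" != "$expected" ]; then
        echo "checksum mismatch for $tarball" >&2
        echo "  expected: $expected" >&2
        echo "  actual:   $actual" >&2
        return 1
    fi
    return 0
}

# safe_extract FILE DEST
# Lists the archive and rejects any member whose name is absolute or contains
# a ".." path component, then extracts into DEST. GNU tar strips such names
# by default, but checking explicitly makes the refusal visible and does not
# depend on which tar implementation is installed.
safe_extract() {
    tarball="$1"
    dest="$2"
    if tar -tzf "$tarball" | grep -Eq '^/|(^|/)\.\.(/|$)'; then
        echo "refusing $tarball: member names would escape $dest" >&2
        return 1
    fi
    mkdir -p "$dest" && tar -xzf "$tarball" -C "$dest"
}

# Usage (placeholder digest; substitute the one published for the release):
#   verify_tarball splunk-9.1.2-b6b9c8185839-Linux-x86_64.tgz "<sha512 from splunk.com>" \
#     && safe_extract splunk-9.1.2-b6b9c8185839-Linux-x86_64.tgz /opt
```

The same two functions apply unchanged to the universal forwarder tarball on the client; only the file name and destination differ.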
