By following the procedure outlined here:

Installing Splunk-Forwarder and building a new software image:

The method used here is to use a working regular node, with splunk-forwarder installed and configured on it. This will then be used to create a new software image using the grabimage command.

The following Splunk documentation is used as a guide for creating the image:

Use a working/clean node - node001 in our case - to install and configure Splunk-forwarder.

Start the forwarder for the first time, accept the license and create an admin account:

~]# cd
bin]#.
This appears to be your first time running this version of Splunk.
Splunk software must create an administrator account during startup. Otherwise, you cannot log in.
Create credentials for the administrator account.
Characters do not appear on the screen when you type in credentials.
WARN: You entered nothing, using the default 'admin' username.
Maybe wish you hadn't.
Creating: /opt/splunkforwarder/var/lib/splunk
Creating: /opt/splunkforwarder/var/run/splunk
Creating: /opt/splunkforwarder/var/run/splunk/appserver/i18n
Creating: /opt/splunkforwarder/var/run/splunk/appserver/modules/static/css
Creating: /opt/splunkforwarder/var/run/splunk/upload
Creating: /opt/splunkforwarder/var/spool/splunk
Creating: /opt/splunkforwarder/var/spool/dirmoncache
Creating: /opt/splunkforwarder/var/lib/splunk/authDb
Creating: /opt/splunkforwarder/var/lib/splunk/hashDb
New certs have been generated in '/opt/splunkforwarder/etc/auth'.
Validating installed files against hashes from '/opt/splunkforwarder/splunkforwarder-7.2.5.1-962d9a8e1586-linux-2.6-x86_64-manifest'
Init script installed at /etc/systemd/system/.
Init script is configured to run at boot.

Configure the forwarder to send the logs to your Splunk

bin]#.

These are monitored by the forwarder, and forwarded to the

bin]#.

Make sure everything is configured

bin]#.
opt/splunkforwarder/var/log/splunk/audit.log
Please wait, as this may take a few minutes.

Clear the node specific configuration – preparing for grabimage:

bin]#.
splunk clone-prep-clear-config
Erased key "serverName" from nf contained "node001"
Erased key "guid" from instance.cfg contained "EB49B792-EF31-4E4E-8D49-C8CBFF12A9AC"
Erased key "host" from nf contained "node001"

We will clone the original image used for node001, and then use grabimage to rsync the changes only to the new image. This will save us time and network bandwidth, instead of transferring the full image from node001:

% clone default-image splunk-image
Tue Apr 16 10:52:15 2019 test14: Started to copy: /cm/images/default-image -> /cm/images/splunk-image (184)
Tue Apr 16 10:55:54 2019 test14: Initial ramdisk for image splunk-image is being generated
Tue Apr 16 10:56:21 2019 test14: Initial ramdisk for image splunk-image was generated successfully

Grab the changes to the new image “splunk-image”

% device
Tue Apr 16 10:58:49 2019 test14: Provisioning started: sending node001:/ to test14:/cm/images/splunk-image, mode GRABNEW, dry run = no
Tue Apr 16 10:59:20 2019 test14: Provisioning completed: sent node001:/ to test14:/cm/images/splunk-image, mode GRABNEW, dry run = no

We will need to set our exclude lists correctly to avoid overwriting node-specific configuration every time it is rebooted. You can set the exclude lists at category level or at node level. We are going to use category level here:

]% category
opt/splunkforwarder/etc/system/local/*
No-new-files: - /etc/systemd/system/rvice
No-new-files: - /etc/systemd/system//rvice

Do the same for excludelistupdate and commit:

Set the new software image to be used for your nodes, category level or node level:

Reboot the nodes to use the new software image with splunk-forwarder installed and configured

Install Splunk Enterprise on your Bright cluster, if it is not already available in your environment:

We are installing it on the head node, just for testing/demo purposes. Usually you should not install any additional 3rd party software on the head node.

The following Splunk documents can be looked up for details on how to install and configure Splunk:

Register and download Splunk, install on your preferred node:

~]# yum localinstall splunk-7.2.5.1-962d9a8e1586-linux-2.6-x86_64.rpm

Start splunk server, accept the license and create the admin account as we did with the forwarder:

~]# /opt/splunk/bin/splunk start
Copying '/opt/splunk/etc/openldap/' to '/opt/splunk/etc/openldap/nf'.